The government has blocked a few websites exposing sensitive personal identifiable information, including Aadhaar and PAN Card details of Indian citizens, an official statement said on Thursday.
The action was taken after the Indian Computer Emergency Response Team (CERT-In), under the Ministry of Electronics and Information Technology, found security flaws in the websites.
"It has come to the notice of the MeitY that some websites were exposing sensitive personal identifiable information, including Aadhaar and PAN Card details of Indian citizens. This has been taken up seriously as the Government accords the highest priority to safe cyber security practices and the protection of personal data. In line with this, prompt action has been taken to block these websites," the statement said.
The Unique Identification Authority of India (UIDAI) has lodged a complaint with the police authorities concerned for violation of the prohibition under the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 on public display of Aadhaar information.
"The analysis of these websites by the Indian Computer Emergency Response Team (CERT-In) has shown some security flaws in these websites. The concerned website owners have been provided guidance about the actions to be taken at their end for hardening the ICT infrastructures and fixing the vulnerabilities," the statement said.
MeitY has notified the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, which provide for non-publication and non-disclosure of sensitive personal data.
Any adversely affected party can approach the Adjudicating Officer of the IT Act to file a complaint and seek compensation.
The IT secretaries of the states are empowered as adjudicating officers under the IT Act.
Meity said the Digital Personal Data Protection Act, 2023, has already been enacted and the rules under the act are in the advanced stage of drafting.
Last week, a cyber security researcher claimed that Star Health Insurance officials had sold data of 3.1 crore customers.
The hacker had created Telegram bots to access data of 31,216,953 customers updated till July 2024 and 5,758,425 claims of the company available till early August.
The email conversation video showed the email ID of the senior company official. The conversation video shows an email chat as well as a chat on an instant messaging forum between xenZen and the company official for the deal.
The deal was initially finalised for USD 28,000, but later, the official demanded USD 1,50,000 on the pretext that he had to pay a share to senior-level management for the continuation of the data leak.
Star Health Insurance has sued the hacker, Telegram and others in the case.
Any leak of personal details of people makes them vulnerable to online scams.
