Thiruvananthapuram: The Centre for Development of Imaging Technology (C-DIT) authorities said that the data leak of Kerala government’s scholarship website e-grantz has been resolved. The action was taken immediately after mathrubhumi.com revealed the security lapse in the website.
However, the officials said that it can’t be confirmed whether anyone has downloaded the personal information of the scholarship beneficiaries from the website already.
A senior official at C-DIT told mathrubhumi.com that the security lapse occurred because the backup files were not deleted after changing the server. “Such lapses usually do not occur in websites developed by C-DIT, this was a mistake,” he added.
server. “Such lapses usually do not occur in websites developed by C-DIT, this was a mistake,” he added.
In a major security lapse, large number of files containing photos and bank passbook details of students were easily available for download from the website. The security lapse was found in the website www.egrantz.kerala.gov.in which is used for submitting applications for scholarships for the students who belong to SC, ST and OBC categories and for other benefits. Akhilesh B. Chandran, a software engineer at a private company in Thiruvananthapuram had identified the issue and notified mathrubhumi.com.
The copies of the first pages of 2.68 lakh bank passbooks were available in the website easily accessible for anyone. The profile pictures of the students and other details could be downloaded. The folder that contains the passbook data was of 15 GB size and the one containing profile pictures was of 6 GB size. Each folder contained over 2 lakh files. Another folder with a size of 180 GB was also available on the site.
Anyone who has the login ID for the website can enter the folder that has profile pictures, said Akhilesh. Those who know about this can access the files without logging in. The folders containing profile pictures and bank passbooks were checked and verified by mathrubhumi.com. Akhilesh said that the data leakage occurred due to the lapses in file backup process.
The issue came to light at a time when data leakage and privacy issues are being widely discussed.