Personal details of over 2,000 students, especially of Delhi University’s Faculty of Law, were left poorly secured on the university’s admit card portal till Thursday evening.
The Hindu was able to access over 30 admit cards of students from the Campus Law Centre, Law Centre 1 and Law Centre 2, containing their personal details due to the breach.
‘Easily accessible’
Dean of Examinations Vinay Gupta admitted that there was an issue, especially with the Faculty of Law students as details from the previous semester were accessible from the results page of the university’s website.
To access the admit cards, only three fields were required to be filled up: students’ names, roll numbers and a college ‘gateway code’, which was a single code issued to all students for a particular institution.
In the case of the Law Faculty Centres, students informed that the college code for all three centres were circulated on the WhatsApp group. Using this, combined with the information available online, personal details of all final-year students could be accessed. Students of other colleges also informed that it was very easy to identify the roll number of a fellow student given that they were sequentially organised. “It would be very easy to get this information using it,” said a Ramjas College student.
Changes were made to the process after The Hindu reached out for comments, Mr. Gupta confirmed. An OTP system was introduced for students to get their admit cards after submitting a password to unlock it. The OTP would be sent to their registered email accounts, Mr. Gupta said.
The issue was initially raised by Vivek Prasad, a final-year CLC student on social media. “Delhi University’s online admit cards are a privacy disaster!...Anyone with college code [easily known] can access any student’s admit card...and see the address” he tweeted, detailing the issue. Mr. Prasad said that the the gateway code had been sent late last night.
Student’s group NSUI, raised concerns over the issue, arguing that personal details of women students could be used by stalkers as well as by private coaching institutes. Highlighting that the university had made other mistakes in the open book examination process, the NSUI argued that the exam should be cancelled.