The Indian government failed to protect personally identifying information of millions of students and teachers on its ‘DIKSHA’ public education application exposing them to risks of data breach, scams, hacks and other harms, according to a report by WIRED. A UK-based security researcher identified the security lapse in June last year and alerted the DIKSHA team through a support email, but received no response. The Digital Infrastructure for Knowledge Sharing or DIKSHA platform is the Centre’s own EdTech public education platform, initiated by the NCERT and was launched in 2017. During the Covid-19 pandemic, it became a primary tool for many students to access learning material at home. While the tool became accessible to students across the country, there was little or no attention paid to the security of people’s data stored in an “unprotected” cloud server. According to the report by WIRED, the files in the "unsecured server contained full names, phone numbers and email addresses of more than one million teachers". The data also revealed details of teachers working in different states across the country. Another file exposed data of nearly 600,000 students, with their full names, school information and details of their enrolment in a course on the app and how it has progressed. However, the email addresses and phone numbers of these students were "partially obscured". The security researcher, who wished to remain anonymous, said that there were thousands of such files on the server. The researcher had reached out to DIKSHA offering to share more…
You must be logged in to post a comment Login