Data breach in KU: Proactive measures required to avoid cyber attacks

SHAKEELA ANDRABI

SRINAGAR: It was August 10, 2022, when University of Kashmir (KU) was caught napping in detecting an alleged data breach related to University students and teachers. Issue of data breach was reported to University by a news portal based in Bangalore which reported that personal data of 1 million+ students and employees of University was put on sale by hackers on what’s called as ‘Dark Web’, a hidden part of internet world that cannot be accessed by ordinary people. “It’s really shocking that University authorities could not detect the data breach on its own and had to rely on media reports for the same,” wrote a social-media user. The University authorities, after incident, issued a statement claiming that University’s ‘data is unmodified’ and that it was ‘analyzing any breach of data read (which is accessible in public domain) in depth.’
Meantime, officials of the University themselves acknowledged that CERT-In, a national nodal agency of the MeitY (Ministry of Information Technology, Government of India), had sought a detailed report from University authorities about the alleged data breach. “CERT has sought a report from us and we are responding to them within specified time frame,” said an official.
Interestingly, the University has its own Data Center which has been procured and set-up after spending lakhs (some say Rs 2 crore including installation), however, the current data breach has raised a question on its ‘operational efficacy’. If sources are to be believed, the University Administration has lodged FIR with Cyber Police Srinagar regarding hacking incident, thus negating its own claim that the ‘data is safe.’
More shocking is that Kashmir University has appointed a professor of Botany to head inquiry committee related to recent breach of data. According to the sources, a man who is a specialist in Botany, has been tasked to head an inquiry panel regarding IT. It is being believed that present incident has indicated that the University’s data system is highly vulnerable and in need of stronger firewalls, protocols and cyber security.