IN: Telangana Government Site Flaw Exposed Sensitive Data of All Its Employees, Pensioners; Fixed Only After Three Months
Jagmeet Singh reports:
Telangana state government took over three months to protect sensitive details of its employees and pensioners from its website. The Indian Computer Emergency Response Team (CERT-In) confirmed the vulnerability and replied on email in September to say that the authorities had been intimated about the issue, and Telangana IT Secretary Jayesh Ranjan assured a fix.
In August, a server misconfiguration was found on the Telangana government site that risked exposing over 130,000 official files.
More than three months to lock down data after being notified? That sounds… inexcusable. And if you read the full article, you’ll see comments by security people that suggest that then entire web site is a security train wreck that needs to be rebuilt from the ground up. But in the meantime…. ugh.
Read more on Gadgets360.