In a decisive move to safeguard citizens' sensitive information, the Indian government has blocked several websites found to be exposing personal identifiable information, including Aadhaar and PAN Card details. This action follows a report from the Indian Computer Emergency Response Team (CERT-In), part of the Ministry of Electronics and Information Technology, which identified significant security flaws on these sites.

The official statement highlighted the government's commitment to cyber security and the protection of personal data, emphasizing that it takes such violations seriously. As part of this initiative, the Unique Identification Authority of India (UIDAI) has lodged a formal complaint with the police regarding violations of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016, which prohibits the public display of Aadhaar information.

According to the analysis conducted by CERT-In, the affected websites posed serious security risks. Website owners have been advised on measures to strengthen their ICT infrastructures and rectify these vulnerabilities. The Ministry of Electronics and Information Technology (MeitY) has also implemented the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, which mandate the non-publication and non-disclosure of sensitive personal data.

Individuals affected by these breaches have the option to approach the Adjudicating Officer under the IT Act to file complaints and seek compensation. IT secretaries in the states have been designated as adjudicating officers to handle such cases.

Additionally, the government is in the process of finalizing rules under the recently enacted Digital Personal Data Protection Act, 2023, aimed at further enhancing data privacy protections.

The urgency of this action has been underscored by a recent incident involving a cyber security researcher claiming that officials from Star Health Insurance sold data of over 3.1 crore customers. The researcher reported that Telegram bots were used to access extensive customer data, raising serious concerns about the integrity of personal information. The hacking incident included email exchanges between the hacker and a senior company official, detailing a failed negotiation over the sale of this sensitive data.

With the increasing threat of online scams linked to data breaches, the government’s proactive measures are crucial in protecting citizens from potential harm and ensuring robust cyber security practices across the country.