Data of over 30,000 students Indian Institute of Technology Roorkee published online
Learn More
The Indian Institute of Technology Roorkee (IIT-Roorkee), one of India's premier engineering institutions, is facing a data privacy incident after personal information of more than 30,000 students and alumni were found exposed on a public website.
Apparently the website has been publishing the data for approximately ten years. The incident was reported by the Times of India (TOI). The exposed data includes:
- Mobile phone numbers of students and their parents
- Caste category information
- Financial background details
- Email addresses
- Years of admission and graduation
- Student photographs
- Other personal details linked to enrollment records
The website had not uploaded current year data but older student records were reportedly being updated regularly, suggesting ongoing maintenance and potential data harvesting activities.
The nature of the attack is not disclused, but a professor at the institute, speaking anonymously, stated that since the information could only be retrieved through enrollment numbers, so that data had either been leaked or stolen directly from the academic affairs section.
IIT-Roorkee immediately initiated corrective measures. UP Singh, Deputy Director of IIT-Roorkee, confirmed that the matter had been forwarded to the Dean of Academic Affairs and Dean of Student Welfare for necessary action.
It's not clear whether affected students and alumni have been individually notified of the breach, what identity protection services are being offered, or what legal actions the institute may pursue against the operators of the website that published the unauthorized information.
