Electoral data security breach in West Bengal, voters deleted from electoral rolls
Take action: Another example of malicious insider. However painful it is to consider that your colleagues may be malicious, you still need controls against it.
Learn More
A security breach in West Bengal's electoral system has resulted in at least 1,000 voters being wrongfully deleted from electoral rolls in one assembly constituency.
The breach, which began in September 2023 but was only recently discovered, involved the theft of login credentials from multiple election officials and the manipulation of voter registration records.
According to West Bengal Chief Electoral Officer Manoj Kumar Agarwal, the breach affected the electoral roll management system where login credentials of four Assistant Electoral Registration Officers (AEROs) were compromised. An internal investigation has implicated a government employee named Arun Gorain, who served as an assistant system manager, in the unauthorized access and data manipulation.
The investigation revealed that Gorain stole the login credentials of AERO Swapan Kumar Halder, who also serves as Kakdwip's joint block development officer. According to an official order issued on May 15, Gorain "committed fraud and cheating by inserting his mobile number unauthorisedly in the login credential of AERO" and then processed various electoral forms by using one-time passwords (OTPs) sent to his personal mobile device.
The compromised system allowed the perpetrator to manipulate multiple types of voter registration forms, including:
- Form 6 (new voter addition)
- Form 7 (voter deletion)
- Form 8 (changes in the electoral roll)
Election Commission officials have confirmed the breach but stated that the full extent of affected records has not yet been verified. "The extent of deletions or additions or corrections will be known only after a detailed investigation," Agarwal said.
Officials familiar with the matter indicated that the Election Commission of India (ECI) will need to conduct a comprehensive audit to determine the full scope of the breach. Questions remain about Gorain's motives, with officials speculating that financial incentives or political connections could have driven the unauthorized activities.
The investigation will also examine how this breach continued undetected for approximately a year and a half, potentially reflecting broader security vulnerabilities in India's electoral systems.
