Indian ed-tech Byju reports Data Breach

Byju’s, an Indian educational technology (ed-tech) company that offers online learning resources and courses for students has accidentaly exposed student data due server-side misconfiguration.

The data breach was discovered by security researcher, who found a misconfigured Apache Kafka server allowing unauthorized access to data. Byju’s has quickly locked down the exposed server, and the exact extent of the data compromise and the time the data was available remains uncertain.

Reports suggest that the data leak could include information about:

• loans,
• payouts,
• identity documents of its students,

The breach is potentially impacting millions of individuals, although the company disputes the scale of the breach. Byju’s acknowledges a security lapse but asserts that no data was compromised during the exposed server period. Naturally, without any details.

This is the second breach involving Byju’s. An earlier incident, originating from a third-party service provider, exposed student data, including personal details and academic choices, potentially impacting the coding platform WhiteHatJr. acquired by Byju’s.

Byju’s is also facing internal issues, with key investors criticizing management decisions, raising concerns about the company's governance and valuations, Deloitte's exit as auditor, employee layoffs, regulatory investigations, and key investor departures.