Andhra Pradesh government which is grappling to resolve data breach incidents from several state government websites is all set to launch Andhra Pradesh Computer Response Team (APCRT), a data breach incident reporting portal. As reported by HuffPost, the website will go live in a week.
Starting April 2018, cyber security researchers reported numerous incidents of state government websites leaking sensitive private information of general public. One such incident occurred in June, wherein details of a customer who bought Suhagra 50, a generic version of Viagra from the government owned Anna Sanjivini store in Anantpur in Rayalseema were leaked. An unsecured dashboard on the Anna Sanjivini website allowed anyone with an internet connection to access the names and phone numbers of everyone who has bought medicines from every single such store. The details include name, phone number and purchases made.
Soon, Chief Minister N Chandrababu Naidu has directed the IT department to audit all the state portals. A similar activity was reportedly undertaken in the first week of May, when 320 government websites were audited for vulnerabilities. The state government runs close 1200 websites for various services.
The audits will be carried out by Andhra Pradesh Cyber Security Operations Center (APCSOC) an initiative of the state Information Technology, Electronics and Communications (IT and E&C) ministry launched in April, 2018
“The Center will combat cyber security threats and provide real time intelligence sharing and threat analysis to all state government departments and entities,” Naidu said during the launch event of APCSOC.
“Security is one issue. Privacy is another, and it is important and pertinent,” V Premchand Managing Director of Andhra Pradesh Technology Services (APTS) was quoted as saying by HuffPost. APTS oversees cyber security issues in the AP government, and is the authority running APCSOC.
Further in June, another data leak occurred from state government run website that tracks state-run ambulances in real time, allowing anyone with an internet connection to monitor the movement of these vehicles and obtain sensitive information about the patient. The data included pick-up point location, why the ambulance was called, and the hospital to which the patient was taken.