The revelations of the suspected “leak” of the database of roughly “one million” Kashmir University students and faculty that hackers allegedly infiltrated have generated outrage. Registration, phone, email, and password were all stored in the database. The institution has now started looking into the ‘data breach’ as a result.
The forum discussion was eventually deleted by the hacker in control after the subject gained popularity on social media. The exact reason it was taken away is still unknown; it might have been because he found a buyer, or it might have been for another reason.
The threat actor released sample data with index entries such as “UGFormMaster2ndSemBatch2020Brchin2021” with 61,175 entries, “AdmitCardsDownloaded” with 26,521 entries, “AcademicDetails” with 1,180 entries, “PaymentApplicationsnew” with 654 entries, and so on.
Staff and students at the institution have expressed frustration about the issue because they feel that the administration has not done enough to safeguard their right to privacy.
“Nobody seemed concerned about the matter, even though it has been five days since it was brought up on the hacking forum. The institution has to recognize that digital theft is a serious problem, and they need to step up to the challenge to prevent our personal information from falling into the hands of cybercriminals,” said a student who requested that their name not be used.
“Our personal info is on sale. “Not only does it invade our privacy, but it also invades the privacy of our families,” one of the female students at the varsity stated.
Several times in the past, the administration has been made aware of issues with the protection of students’ personal information, according to sources within the university.
The issue was disregarded since it was thought to be unimportant. A individual with knowledge of the matter claims that those who expressed concern about the possibility of data theft have now had their worries realized. The breach is genuine, the insider continued.
The university, on the other hand, said that their early findings indicated that the data had not been altered in any manner.
According to the first findings of the investigation into the suspected data breach, it has been discovered that the data has not been altered in any way, according to the spokeswoman.
“Any breach on data (which is already accessible in public domain) is being analyzed in depth, and based upon the analysis, the institution will take additional action and a suitable legal consequence appropriately,” claims the spokeswoman.
Cyber law enforcement officials are monitoring the situation in the meanwhile. The authorities argue that it is still too early to determine whether the database has suffered any damage or whether the claim was just placed on the dark web forum by a hacker who had access to the database and had taken whatever he could.