There has been no data breach of the University of Kashmir, reveals the investigation report and internal data sharing cannot be ruled out.
The investigation team analysed the database index file, which was placed on the dark web and removed immediately, and found there was no breach of data from live servers of the varsity.
The concerned application through which the index may have been viewed/ retrieved was identified during the analysis, sources, who had access to the investigation report, told Srinagar based news agency Kashmir Dot Com.
They said the application is managed, updated, tested and operated by the examination wing, working directly under the command of the Controller of Examination since 2015.
An official at the IT&SS wishing not to be named said the role of IT&SS is to only host the examination applications on the server housed at the Data Centre. “The network and the firewall-related breach has been analysed in-depth and ruled out, there has already been a security audit for infra,” he said.
The examination wing has been asked to review the application/s they manage, update and operate. “Make changes/updates wherever required before sending and confirming for making it online,” he said
A cyber security expert told KDC that the alleged data breach may be a hoax and some of the English dailies, news portals and social media posts jumped to conclusions without waiting for the facts to be ascertained. “It was also alleged that such data may be placed on matrimonial or porn sites which were really unethical to draw such nasty conclusions and maligns our own institutional image,” he said.
“Even for an argument’s sake if it is considered that there was a data breach, the information pertains primarily to academic details of pass outs which is already accessible online through the registration number,” he said adding that the data index file sharing or leaking through dump data cannot be ruled out and should be probed in depth, he said.
It has also been revealed in the investigation report that no financial or bank details or the credit card of students is ever asked for or stored in the online application forms. Moreover, the passwords, wherever, are encrypted.
The conventional server room of the varsity established in 2002 has been transformed over the time into a state of art Data Center without spending a huge amount of money, said Director IT&SS Maroof Qadri and refuted spending Rs 40 crores since its inception on establishing the Data centre and its operations, as was earlier reported in some English daily.