ROORKEE– The integrity of one of India’s oldest and most prestigious engineering colleges, the Indian Institute of Technology Roorkee, has been called into question following a major data breach affecting more than 30,000 students and alumni. The breach, which officials described as a ‘data privacy lapse’ exposed a wide range of personal information, including names, mobile numbers, caste category, financial background, email addresses, and graduation details. The data was illegally taken from the institute’s academic affairs department records, which were openly accessible on a public-facing website. This vulnerability has prompted the institution to launch an immediate and comprehensive internal inquiry to assess the full scope of the breach and to bolster its cybersecurity protocols.
The Mechanism of Exposure
The scale of the breach was made apparent by the simple mechanism through which the data could be accessed. Reports indicate that by entering a student’s enrollment number on a specific part of the website, an individual could view an array of personal details. This method of access suggests a fundamental flaw in the website’s security architecture. While the exact duration of the exposure is unclear, the website is believed to have been online for over ten years, raising concerns that the breach may have been ongoing for an extended period. A professor speaking on the condition of anonymity highlighted the incident as a clear case of “cybersecurity and personal privacy breach,” emphasizing the need for robust protections in an increasingly digital world.
Data Protection and DPDP Act Readiness: Hundreds of Senior Leaders Sign Up for CDPO Program
Official Response and Community Concerns
In response to the incident, IIT-Roorkee officials have confirmed that they have initiated an internal inquiry. The Deputy Director, U.P. Singh, stated that the matter has been referred to the deans of academic affairs and student welfare for “necessary action.” However, officials have so far declined to disclose the names of the students and alumni who were affected, citing an ongoing investigation. The institute has stated that the website operator is “sharing vital personal information from an unknown place and for unknown purposes,” adding a layer of mystery and concern to the situation. The lack of transparency has left many in the community uneasy, with one student noting that the institute has not yet provided any clarity on the matter.
A Legacy of Excellence, a Wake-Up Call for Security
Established in 1847 as the Thomason College of Civil Engineering, IIT-Roorkee is a cornerstone of India’s academic landscape. Its rich history and reputation for producing top-tier engineers have made it a symbol of national pride. The breach highlights the critical need for regular security audits and robust data protection policies, particularly for institutions that handle a vast amount of sensitive personal data.
