The Karnataka Examinations Authority (KEA) approached the Malleshwaram police on Thursday, stating that its website had been hacked and the personal details of scores of students appearing for certain exams may have been leaked. Following this, the police registered a case under the IT Act, 2008.
In its complaint, the KEA alleged that the hacking of data took place on July 6. However, there is no clarity on why the complaint was filed by the KEA after a delay of four months.
According to a report in The Hindu, as early as May 2019, several students and their parents had received messages from private colleges about admission prospects after having enrolled for the CET (Common Entrance Test). Parents who were concerned by this had raised the issue with KEA officials but did not receive any response at the time.
The KEA is the regulatory body for CET — which is an entrance exam for engineering, medical and dental courses — as well as entrance exams for agriculture and architecture courses in the state.
According to the complaint, the KEA has alleged that the hackers are from a marketing firm, Leadtap Media and Marketing, who have sold private information to companies based in Karnataka, Telangana and Odisha.
A report in the Times of India on July 25 had noted that the KEA website has only an IP address and no URLs, and this made parts of the website vulnerable to data hacks. An ethical hacker reported that he found access to the Directory of the website, which is the landing page from where all other parts of the site can be connected. The directory has access to student’s personal details, and allows access to the admin panel of the CET 2019. The admin panel contained sensitive figures such as the revenue collected by KEA as well as the personal data of the students including their contact information, exam answers and secret question code.