Context:
Recently, the Ministry of Corporate Affairs fixed a critical vulnerability in its online portal after a cybersecurity researcher reported it to the Computer Emergency Response Team of India (CERT-In).
Critical Vulnerability
- It refers to a weakness or opportunity in an information system that cybercriminals can exploit and gain unauthorised access.
- Vulnerabilities weaken systems and open the door to malicious attacks.
|
- Personally Identifiable Information (PII) is any data or information maintained by an organisation or agency that can potentially be used to identify a specific individual.
- For Example: Aadhaar, PAN, voter identity, passport, date of birth, contact number, communication address, and biometric information.
- The constituents of PII vary depending on a country.
- Non Sensitive PII: It is publicly available information and can be stored and transmitted unencrypted. They cannot be used to accurately identify an individual.
- For Example: zip code, race, gender, and religion.
- Sensitive PII: Sensitive PII, when exposed can be used to identify individuals and potentially cause harm.
- Some of the most important components that constitute sensitive PII are stored by employers, government organisations, banks, and other digital accounts used by individuals.
Concerns
- Risks of PII Exposure: Personally Identifiable Information (PII) Exposure can result in Cyberattacks and weaknesses in digital infrastructure.
- Target Attack: Threat actors can gain access to exposed PII and misuse it to launch targeted attacks on individuals.
- Financial Threat: Threat actors may also use such information to obtain cellular connections, credit cards, and compromise the security of an individual’s digital accounts.
Individuals may not be able to prevent leaks in databases of government organisations or service providers. However, they can take steps to ensure their safety.
- Check HTTPS in URLs when visiting unknown websites: The “S” stands for secure and is used by legitimate websites to secure collected information from unsecured connections.
- Use a VPN: A VPN helps protect Personally Identifiable Information and other vital data by securing your online connection from prying eyes on public networks.
- Delete PIIs from Other Devices: In case of accessing the PIIs at a photocopy shop or others’ devices, make sure to delete the documents even from recycle bins to ensure they are not misused.
- Avoid sharing personal information: In case your Personally Identifiable Information is leaked, be on the lookout for phishing attacks that may use leaked information to convince their legitimacy.
- Keep a tab on your PII: Avoid sharing or accessing images or details of identity documents through unknown devices.
- Keep a tab on your bank account transactions, credit cards, and credit score; a hit in the score could mean your PII has been misused to procure credit cards in your name.
- Justice K. S. Puttaswamy (Retd) vs Union of India 2017: It called for the Right to Privacy an intrinsic part of life and liberty under Article 21.
- B.N. Srikrishna Committee 2017: It recommended strengthening of privacy law in India.
- Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021: To exercise greater diligence with respect to the content on their platforms.
Also Read: Interim Budget 2024-2025
News Source: The Hindu
February 5, 2024