PERSONALLY IDENTIFIABLE INFORMATION (Syllabus: GS Paper 3 – Cyber Security)

News-CRUX-10     5th February 2024        
Samadhaan

Context: Recently, the Ministry of Corporate Affairs fixed a critical vulnerability in its online portal months after a cybersecurity researcher reported it to the Computer Emergency Response Team of India (CERT-In).


Personally Identifiable Information (PII)

  • About: PII is any data or information maintained by an organisation or agency that can potentially be used to identify a specific individual. 
  • Include information: Aadhaar, PAN, voter identity, passport, date of birth, contact number, communication address, and biometric information.
  • Non-PII information includes: Photographic images (especially of the face or other identifying characteristics), place of birth, religion, geographic indicators, employment information, educational qualifications, and medical records.
  • Sensitive PII: When exposed, can be used to identify individuals and potentially cause harm. Some of the most important components that constitute sensitive PII are stored by employers, government organisations, banks, and other digital accounts used by individuals.
  • Nonsensitive PII: It is publicly available information and can be stored and transmitted unencrypted. This includes information such as zip code, race, gender, and religion. They cannot be used to accurately identify an individual.
  • Risks of PII exposure: Cyberattacks and weaknesses in digital infrastructure can lead to the exposure of citizens’ PII.

Has your PII been compromised?

  • Telegram Bot Data Leak: In 2023, a Telegram bot exposed personal data of Indians registered on the CoWIN portal for COVID-19 vaccination, raising concerns.
  • Dark Web Sale of Indian Citizen Data: An American cybersecurity firm revealed that personal information of 815 million Indians, including Aadhaar and passport details, was for sale on the dark web, sparking a major data breach incident.
  • Government Denies Data Leak: Despite allegations, the Indian government refuted claims of a biometric data leak and CoWIN portal breach. An investigation led to the arrest of a man and a juvenile in Bihar.
  • RailYatri Platform Data Breach: January 2023 witnessed a data breach in the RailYatri platform, contributing to the growing concerns about the security of personal information.




Samadhaan