NEW DELHI: Sensitive data of an undisclosed number of soldiers, including their personnel numbers and Permanent Account Number (PAN) details have been leaked by government pay websites, prompting strict orders to review security protocols and furnish action taken reports to curb the leaks.
Details of the soldiers that included their names, military ID numbers and the PAN were found to have been disclosed on the websites of the defence ministry’s pay and account offices located across the country, according to an internal review conducted over the past few months.
Following the audit, instructions on disclosure of sensitive information have been issued to all concerned departments to immediately taken down the data and make it access controlled to prevent misuse. “Any sensitive data open to all is required to be removed from the home page of the website and action taken report along with root cause may be furnished immediately,” instructions issued to all departments connected to pay of soldiers last week read.
Offices have also been advised that sensitive information should only be available only on ‘role based access granted to the user’ after a secured login. “It is requested that all websites may be reviewed whether any sensitive information is available without secure login or not and a comprehensive report may be furnished,” the order reads.
On Monday, several websites of the ministry were not accessible as they had been taken offline following the security instructions. These included websites with data on soldiers of the Para Regiment from a pay office in Bangalore and the Belgaum based Maratha Light Infantry pay office. It is not yet clear how many websites disclosed this sensitive data or how many soldiers would be impacted by the leak.
The pay linked websites of the defence ministry have had a chequered history, with hackers compromising the Office of the Principal Controller of Defence Accounts (officers) in 2015, with fears that personal details had been leaked. The site had to be taken offline and re-launched with new security features.