In a serious case of data breach, the Karnataka Examinations Authority (KEA) filed a police complaint in Bengaluru accusing a private agency of hacking into their servers to steal the private details of lakhs of students.
In a complaint lodged at Malleshwaram police station, the KEA said, “Data pertaining to lakhs of students who registered themselves online via the KEA official portal has been hacked by a private marketing agency, some of which have been sold to third parties.”
The data includes mobile phone numbers and course preferences of the students, KEA officials said. Incidentally, the complaint mentions that the alleged hacking took place in July earlier this year. However, the KEA has approached the police only on November 21.
The KEA accepts online applications from students appearing for the Karnataka Common Entrance Test (KCET), a gateway for admissions to professional institutions in the state.
Soon after the results of KCET-2019 were released, several parents and candidates had approached the KEA alleging they received several spams calls and text messages offering seats in private colleges in Karnataka, Kerala, Tamil Nadu, Andhra Pradesh, Telangana, and Odisha.
The issue was then taken up by several students organisations, pointing it was a case of possible data breach. A KEA official said, “Multiple complaints by raised by many private colleges approaching parents and candidates offering seats based on their preferences as submitted in their application forms for KCET. Taking this into cognisance, we held an internal probe after which we concluded that a third-party marketing agency hacked into our database.”
KCET, the entrance test which determines the eligibility/merit for admission to the first year or first semester of full-time courses for the government share of seats in engineering, technology, B-Pharma, D-Pharma, and farm science courses was conducted on April 29 and 30 by the KEA this year.
More than 1.94 lakh candidates appeared for the exam at centres across Karnataka.