KU rules out data theft, eyeing third-party evaluation of IT infra

Leak of Index File of database being probed internally

Irfan Tramboo

Srinagar, Aug 29: After the alleged data breach that was reported at the University of Kashmir, the authorities today said that there has not been any “unusual activity” on their live servers while they completely ruled out any data theft.
Officials told Excelsior the preliminary investigation that was carried out brought to the fore that the data was unaltered, unencrypted and no unusual activity was observed on the live servers, while they hinted at the third-party evaluation of the IT infrastructure of the Varsity.
“We have carried out detailed analysis and we have found nothing unusual even as the same has been reviewed by an independent team,” Dr. Maroof Naieem Qadri who heads the Directorate of IT&SS of the varsity said.
It is to be noted here that earlier this month, an Index File that showed the contents of the database was shared on the dark web to be sold for $250, prompting the authorities at the KU to ascertain the veracity of the alleged data breach. However, that file was later deleted from the forum where it was shared.
Dr. Qadri said that the index file that was shared on the dark web only had the count of the database while, he said, they (hackers) had no access to the database. “The academic history of the students is already public, but the index showed only the count, and the internal data, as per our analysis was unaltered,” he said.
In this regard, the KU authorities have also scrutinized the databases thoroughly and the same has been going on since the day the alleged data breach was reported, while the concerned department has submitted its report to the committee concerned. “Simultaneously an independent team came from a different university. They have also reviewed it.”
He said that the KU does not have any critical data such as details of the credit cards, and personal data stored and when those are not in store, he said, there is no question of the theft of the same.
“The security audit concerning the IT infrastructure has been carried out and we have not been able to identify any security breach in this regard; I assure you that there has not been any theft of the data,” he said.
With regard to the access of the alleged hackers to the Index File of the Database which was shared on the dark web, he said that that matter is being probed internally. “Somebody might have shared the information about the index file which was shared on the dark web internally and we are probing that,” he said.
Dr. Qadri said that apart from the security audit of the IT infrastructure, several other audits are going on while he underlined that a third party evaluation of the same will also be carried out soon.