An alleged data breach at the University of Kashmir has exposed the personal information of over 1 million current and former students of the university and its employees, making their personal data available on the dark web. The data has been allegedly put on sale at a hacking forum for just $250 by a username “ViktorLustig” on 6th August.
Data Leak Exposed Personal Information of Kashmir University Students, Staff
As per a tweet by Abhishek Verma, the database claims to include student information, registration number, phone number, email address, password, employee data, and more. “Any breach on data read (which is already accessible in the public domain) is being analyzed in-depth and depending upon the analysis. The university will take further course of action and take an appropriate legal recourse accordingly,” a University of Kashmir spokesperson said in a statement.
Just spotted an alleged database of "University of Kashmir" being sold on a hacking forum. Threat actor goes by the name "ViktorLustig" selling the database of @KmrUniversity for $250.
He shared a Database index showing what he has.
— Abhishek Verma (@w3Abhishek) August 6, 2022
As the news received immense social media traction, the hacker deleted the thread from the hacking forum. However, an archival version of the thread revealed that the hacker had shared sample data with index entries like:
- UGFormMaster2ndSemBatch2020Brchin2021’ with 61,175 entries
- AdmitCardsDownloaded’ with 26,521 entries
- ‘AcademicDetails’ with 1,180 entries
- ‘PaymentApplicationsnew’ with 654 entries
University Launches Probe into Alleged Data Breach
The University of Kashmir has set up a special information technology team to look into the hacker who has made any attempt to put the data of thousands of students and employees for sale at $250 on the dark web. “Our IT team’s probe has so far found that no data regarding marks sheets or any private details of students were highlighted in the tables. No data of teachers related to their services and salaries stand compromised,” Dr. Maroof Qadri, Director of Information Technology said. “The text file that raised an alert is being looked into seriously. That particular data has been quarantined for now. The associate services are also being segregated for now,” Dr. Qadri added.