Allegations have been made that a political party in India may have allowed a tech firm from Hyderabad to illegally process vast amounts of citizens’ private data.
IT Grids India Pvt Ltd was commissioned by the Telugu Dasam Party (TDP) to build its Seva Mitra app. The app is designed to permit party members to communicate with one another and party leaders.
Now, an Indian data analyst called Lokeshwar Reddy claims he has uncovered evidence that IT Grids employees may have hijacked the private data of millions of citizens from Andhra Pradesh. Telangana police are investigating the allegations under Sections 66 and 72 of the IT Act.
Reddy alleges that the Seva Mitra app purposefully contains massive amounts of citizens' data including their Aadhaar Card numbers, voter ID, address, name, religion, caste, and details pertaining to any benefits they claim under government welfare schemes.
That data is of an extremely sensitive nature, and data privacy experts agree that it should not have been included in the party’s official app - because it opens the door to potential hacking at the hands of cyber-criminals.
Multiple arrests
Following allegations of data mismanagement, a number of senior IT Grids employees have been arrested by Telangana police. In addition, the police have reportedly seized laptops, hard drives, and other materials, during raids of IT Grids' office in Hyderabad.
To add fuel to the fire - CEO of IT Grids, Ashok Dakavarapu - appears to have gone on the run. He is currently said to be in hiding following the allegations of his involvement in the illegal data breach. Telangana police are in the process of searching for Dakavarapu - and are holding talks with his family in an attempt to locate his whereabouts.
Police standoff
According to local Indian press sources, the ongoing investigation has developed into a standoff between the police forces and politicians from Telangana and Andhra Pradesh. The tensions between the two neighboring police forces began when police officers from Andhra Pradesh traveled to Hyderabad on Sunday to arrest data analyst, Reddy.
It is not yet clear whether that arrest was ordered by officials from TDP. However, the attempted arrest of the data analyst who brought forward complaints against TDP and IT Grid has sparked talk of corruption. President of Telangana Rashtra Samithi party, K Taraka Rama Rao, reprimanded the Chief Minister of TDP, Chandrababu Naidu, for his party’s involvement in the data breach.
In statements made to the press, Rao reminded people that whistleblowers should be applauded, rather than condemned. During his comments, Rao reinforced that Andhra Pradesh police had unlawfully abused Reddy when they attempted to take him into their custody, adding that it seemed like Andhra Pradesh’s government were afraid of something.
"The complainant was a resident here and his complaint related to a crime committed by a local company. What business does the Andhra Pradesh police have in this case?"
Commenting on the attempted arrest of Reddy, Telengana Police Commissioner Sajjanar added:
"Andhra Pradesh police intentionally intervened in the data breach investigation and a case has already been filed against AP Police in KPHB police station for threatening the complainant."
Legal action?
It has since been announced that Andhra Pradesh’ TDP party is considering taking legal action against the Telangana police for confiscating private party data during its raids on IT Grids offices. This would imply that the TDP party is aware that IT Grid holds private party information on its servers.
Telengana Police Commissioner Sajjanar promised that the investigation would continue and that they would work tirelessly to uncover the extent of any illegal data practices committed by IT Grid and TDP.
"No one has the right to explore sensitive and personal data like Aadhaar and other information. We will take this issue to CEC and UIDAI Authorities and also ask Amazon authorities to give more details on the data stored in their web servers."
TDP spokesperson, Panchumarthi Anuradha, has released a statement refuting the claims:
"The TDP got the data through its own sources. For the past four months, 47,000-odd booth convenors of the party have been interacting with 3.5-4 lakh voters on a daily basis and getting details such as the number of family members, livelihood, the benefits with government schemes as well as to which party they are going to vote. All these things are done by the party, for the party. If anyone has doubts on the data, they can approach the AP police or Election Commission."
Image credits: posteriori/Shutterstock.com, Billion Photos/Shutterstock.com
If this story has prompted you to take your online privacy seriously, then you may want to consider using a VPN when you're online. Take a look at our best VPN service's page for a list of our top picks.