Purchased From Andhra Pradesh Govt Chemist? Your Details Were Leaked Online!

| June 18 , 2018 , 13:49 IST

An Andhra Pradesh government website was found to have leaked details from purchases made from the government-run Anna Sanjivini, including items purchased, Order ID, customer name, customer phone number and the money paid.

The privacy breach was alerted to the authorities by HuffPost and was found by security researcher Srinivas Kodali. The site link has since been taken down, the HuffPost reported on Monday. The details revealed publically on the government website included personal purchases such as Viagra, bought on June 13 from a government-run Anna Sanjivini store in Anantpur.

According to the report by HuffPost, and unsecured dashboard on the Anna Sanjivini website allowed anyone with an internet connection to access the names, phone numbers, and purchases made by everyone who bought items from any Anna Sanjivini store.

ALSO READ: App Or Eebsite: What Protects Your Privacy Better?

As per experts, the latest privacy breach is a vivid example of how the push to digitise everyday government processes has been accompanied by a 'blatant disregard for the privacy of citizens'.

The privacy breach is also of significance in view of the draft of the Digital Information Security in Healthcare Act (DISHA) which would enable sharing of personal health records between patients, hospitals, and clinics, possibly putting personal data at further risk of leaks.  

Pam Dixon, the founder and executive director of the World Privacy Forum speaking to HuffPost highlighted the dangers of leaking medical information to the public.

"Medications indicate the possible conditions a person or someone in their family may have," said Dixon.

"This information can be especially sensitive when employers gain access, or even just neighbours who learn of a sensitive condition," she said.

ALSO READ: Andhra Pradesh Govt To Provide Aid To Christian Pilgrims Visiting Jerusalem

"People who are discovered by employers to have serious medical conditions can be fired, children can be treated unfairly in school due to a past or current medical condition," Dixon said.

"People have quite literally been stalked and harmed as a direct result of inappropriate personal information disclosure," she said.

The Andhra Pradesh government in April this year had made a similar breach of privacy, by publishing intimate details such as caste, religion and home addresses, allowing geolocation of people living in the state, putting minorities at risk.

"This is an important issue because it is not the first time that something like this is happening in Andhra Pradesh," said Kodali, the researcher who first spotted both leaks. "But no one is held accountable for the loss of privacy for citizens."