Roorkee: IIT-Roorkee has confirmed a serious data privacy breach that exposed personal details of more than 30,000 students and alumni online for several years. The institute has started an internal investigation after receiving the alert.
The leaked data appears to come from the academic affairs department’s records. It includes students’ and parents’ mobile numbers, caste category, financial information, email addresses, admission and graduation years, and photographs. Anyone who entered a student’s enrolment number on the website could access these details.
A faculty member, requesting anonymity, stated that the leak or theft of data from the academic affairs section makes this a clear case of cybersecurity and privacy violation.
The Times of India alerted the institute about the breach, prompting Deputy Director U.P. Singh to forward the matter to the Dean of Academic Affairs and the Dean of Student Welfare for immediate action.
Investigators believe the website displaying the data has been active for nearly a decade. Although it did not upload information for the latest batch, it reportedly updated older records. A student expressed concern that someone from an unknown location has been sharing this sensitive information without the institute’s knowledge or approval.
Officials have not revealed the names of the students and alumni affected. IIT-Roorkee, founded in 1847 as Thomason College of Civil Engineering, stands as Asia’s oldest technical institution. It became the University of Roorkee in 1949 and gained IIT status in 2001.
Also read: Google admits data breach after cyberattack on Salesforce database – here’s what was exposed