In an embarrassing revelation, an Indian security firm “Shadowmap” promoted by Yash Kadakia, has revealed that data about 1200 accounts of elected officials and staff and another 15,000 accounts of EU affairs professionals were disclosed on the web along with the encrypted passwords.
This is being highlighted here not because we are happy that the data has been exposed, but to indicate to politically motivated ethical hackers like “Elliot Alderson” or “Robert Baptiste” that instead of worrying about the data breach incidents in their own country, they are trying to spread false rumors of data breach in India whether in the Arogya Setu or Aadhaar.
If Indian hackers work with similar motivation as Mr Baptiste to defame foreign Governments, perhaps many other Governments EU can also be embarrassed. But I suppose Indian hackers are not largely interested in such unproductive attacks (Except perhaps on Pakistan!).
The entire world is grappling with data security and need to make Internet more trustworthy. I therefore urge that the talented hackers who call them “Ethical”, should help the community to defeat the dark web and criminals who operate therefrom, rather than going after defaming the Government officials who may not be as much talented.
An academic question that arises in this case is “Who is liable under GDPR for this breach?”
Since the EU parliament is headquartered in France, (or is it still Belgium? or Luxembourg?) it has to come under the jurisdiction of the French Supervisory authority and Mr Baptiste should directly contact the supervisory authority of his country and question them. Technically however, the breach is attributed to whom so ever was responsible as a “Data Controller”. It could be some department of the EU Parliament like our own NIC being a part of the Government. Will it be considered as a separate entity and notice issued? … We will wait and see how committed is the EU Parliament for the cause of data protection.
Perhaps the Internet Freedom Foundation and other similar friends of Baptiste should issue a notice to the EU Parliament committee to take action.