HOME
NEWS

Digiyatra app exposes over 3.3 million Indian users data


By VARINDIA - 2024-05-09
Digiyatra app exposes over 3.3 million Indian users data

DigiYatra is an app that was launched to facilitate faster and paper-less entry and security clearance into airports. The app allows users to share their travel details with airport authorities ahead of their travel and then walk through the security clearances faster.

 

The revelation of a privacy breach involving the Digiyatra app is indeed concerning, particularly considering the sensitive personal data of over 3.3 million Indian users being compromised. The Digiyatra app was intended to facilitate seamless travel experiences, but its involvement in a privacy controversy raises serious questions about data protection and user privacy in India.

 

Personal data of over 3.3 million Indian users of DigiYatra app is now owned by a private company facing an ED case . It underscores the importance of robust data protection measures and regulatory oversight to prevent misuse or unauthorized access to personal information.

 

The app was first launched at airports in Delhi, Bengaluru and Varanasi and is being gradually implemented in all airports across the country. The Digi Yatra app is free app available for both Android and iOS phones and can be downloaded on any smartphone with Google Play Store for Android and App Store for iPhones. The user base of the Digi yatra app on the Android Play Store and iOS Apple App Store stands at 422k.

 

The government is pushing hard for DigiYatra enrolment and in its attempt is even going as far as to record facial data of unsuspecting passengers before they enter the airport. At the same time, many passengers claim they have been photographed and enrolled without their consent.

 

It is also true that, many fliers are also reluctant to use the app because of concerns around data privacy and because not everyone is comfortable sharing their travel plans with a private entity, which has made DigiYatra.

 

By providing information such as their name, email address, mobile number, and specifies of an identification( Aadhar, driving licence, voter ID.) , travelers can obtain a Digiyatra ID. After entering this data, a Digiyatra ID will be created, It must be shared when buying tickets. The airlines will send this ID and the passenger information to the departing airport.

 

Experts says, it's essential for authorities to conduct a thorough investigation into the matter, hold accountable those responsible for the breach, and take appropriate steps to mitigate the impact on affected users. There were many cases reported in Bengaluru Airport that, CRPF personnel cross-verified details and Aadhaar scan to activate my DigiYatra account.

 

According to the ministry, the personal data of the passengers is purged from the system after 24 hours of the flight departure.

 

Digi Yatra uses facial recognition technology for entry and security clearance at various airports in India. The decentralised storage platform allows air travellers to save their IDs and travel documents for a seamless travel experience, the Delhi airport website explained.

 

Rajya Sabha Member Saket Gokhale has exposed a grave breach of privacy concerning the Digiyatra app, affecting over 3.3 million Indian users.

 

The story behind this is, "Digi Yatra Foundation was set up with initial shareholding of Airport Authority of India, Cochin International Airport, Bangalore International Airport, Delhi International Airport Ltd, Hyderabad International Airport Ltd & Mumbai International Airport Ltd."

 

The foundation said in a detailed statement, it is based on Facial Recognition Technology (FRT), Digi Yatra provides for contactless, seamless movement of passengers at various checkpoints at airports. Based on Facial Recognition Technology (FRT), Digi Yatra provides for contactless, seamless movement of passengers at various checkpoints at airports.

 

Digiyatra Foundation, which manages the Digiyatra app, is reportedly parting with its vendor Dataevolve Solutions. Cyber security experts have expressed caution saying that since the government-promoted app for paperless travel was operating on the Hyderabad-based company’s infrastructure, it has the potential to misuse data. Privacy experts say Digiyatra has a weak governance structure and is unreliable due to a lack of information and disclosures.

 

Key Highlights:

# The ED booked the CEO of Dataevolve last year in a money laundering case. Now, it seems that the company was engaged in the alleged offense WHILE it handled the DigiYatra app

# The DigiYatra app was NOT running on the infrastructure of DigiYatra Foundation but, instead, was being run by the private company Dataevolve. This is a CLEAR VIOLATION of all data security & protection rules.

# Therefore, to remove Dataevolve from the DigiYatra infrastructure, a new app was launched last month instead of just releasing the update

# Consequently, a new app was launched to disassociate Dataevolve from Digiyatra, exacerbating concerns over data ownership and protection.

 

According to ET, cyber security experts have expressed caution saying that since Digiyatra was operating on Dataevolve’s infrastructure, the Hyderabad-based company has the potential to misuse data.

 

When Digiyatra Foundation was in partnership with Dataevolve, it had access to sensitive citizen information such as facial biometrics and Aadhaar data, according to Internet Freedom Foundation associate policy counsel Disha Verma.

 

The utmost concern is the fact that the personal data of millions of Indian users now resides with Dataevolve, a company under scrutiny for alleged financial impropriety.

See What’s Next in Tech With the Fast Forward Newsletter

SECURITY
View All
Zscaler announces AI innovations to its Data Protection Platform
Technology

Zscaler announces AI innovations to its Data Protection Platform

by VARINDIA 2024-05-20
SHIELD to enhance Swiggy’s fraud prevention and detection capabilities
Technology

SHIELD to enhance Swiggy’s fraud prevention and detection capabilities

by VARINDIA 2024-05-20
Axis Communications announces its first thermometric camera designed for Zone/Division 2
Technology

Axis Communications announces its first thermometric camera designed for Zone/Division 2

by VARINDIA 2024-05-20
SOFTWARE
View All
Hitachi Vantara and Veeam announce Global Strategic Alliance
Technology

Hitachi Vantara and Veeam announce Global Strategic Alliance

by VARINDIA 2024-05-16
Adobe launches Acrobat AI Assistant for the Enterprise
Technology

Adobe launches Acrobat AI Assistant for the Enterprise

by VARINDIA 2024-05-11
Oracle Database 23ai offers the power of AI to Enterprise Data and Applications
Technology

Oracle Database 23ai offers the power of AI to Enterprise Data and Applications

by VARINDIA 2024-05-10
START - UP
View All
Data Subject Access Request is an integrated module within ID-REDACT®
Technology

Data Subject Access Request is an integrated module within ID-REDACT®

by VARINDIA 2024-04-30
SiMa.ai Secures $70M Funds from Maverick Capital
Technology

SiMa.ai Secures $70M Funds from Maverick Capital

by VARINDIA 2024-04-05
Sarvam AI collaborates with Microsoft to bring its Indic voice LLM to Azure
Technology

Sarvam AI collaborates with Microsoft to bring its Indic voice LLM to Azure

by VARINDIA 2024-02-08

Tweets From @varindiamag

CIO - SPEAK
Automation has the potential to greatly improve efficiency and production

Automation has the potential to greatly improve efficiency and production

by VARINDIA
Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

by VARINDIA
Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

by VARINDIA
Start-Up and Unicorn Ecosystem
GoDaddy harnesses AI power for new domain name recommendations

GoDaddy harnesses AI power for new domain name recommendations

by VARINDIA
UAE’s du Telecom selects STL as a strategic fibre partner

UAE’s du Telecom selects STL as a strategic fibre partner

by VARINDIA
JLR and Dassault Systèmes extend partnership for All Vehicle Programs worldwide

JLR and Dassault Systèmes extend partnership for All Vehicle Programs worldwide

by VARINDIA
Rapyder partners with AWS to accelerate Generative AI led innovation

Rapyder partners with AWS to accelerate Generative AI led innovation

by VARINDIA
ManageEngine integrates its SIEM solution with Constella Intelligence

ManageEngine integrates its SIEM solution with Constella Intelligence

by VARINDIA
Elastic replaces traditional SIEM game with AI-driven security analytics

Elastic replaces traditional SIEM game with AI-driven security analytics

by VARINDIA
Infosys and ServiceNow to transform customer experiences with generative AI-powered solutions

Infosys and ServiceNow to transform customer experiences with generative AI-powered solutions

by VARINDIA
Crayon Software Experts India inaugurates its ISV Incubation Center in Kolkata

Crayon Software Experts India inaugurates its ISV Incubation Center in Kolkata

by VARINDIA
Dassault Systèmes to accelerate EV charging infrastructure development in India

Dassault Systèmes to accelerate EV charging infrastructure development in India

by VARINDIA
Tech Mahindra and Atento to deliver GenAI powered business transformation services

Tech Mahindra and Atento to deliver GenAI powered business transformation services

by VARINDIA