India’s premier agricultural research body, the Indian Council of Agricultural Research (ICAR), and its recruitment wing, the Agricultural Scientists Recruitment Board (ASRB), have faced a serious data breach. In February and March this year, sensitive information vanished from ICAR’s main server in New Delhi. Shockingly, the backup server in Hyderabad also suffered a data wipeout shortly after. This series of events has raised serious questions about data security and a possible cover-up.
The lost data is critical for the functioning of India’s agricultural research. It included important files related to recruitment processes, profiles of scientists, details of research projects, applications received, eligibility assessments, marksheets, interview evaluations, communication records, and vigilance reports. This information is vital for the smooth operation and transparency of the ICAR.
Despite the severity of the breach, no First Information Report (FIR) was filed initially. An internal investigation committee was formed only in July, months after the incident, and after the Union Agriculture Minister was informed. This delay and the lack of immediate action have fueled suspicions that something more than a simple cyberattack might be involved.
ML Jat, the current Director-General of ICAR, acknowledged that no FIR was filed. He mentioned that while some individuals have faced action, the investigation into whether the data deletion was accidental or intentional is ongoing. He also stated that standard alerts and maintenance protocols might have been ignored, pointing to unusual circumstances surrounding the data loss from both primary and backup systems.
Concerns have been voiced by agricultural experts and former officials. Venugopal Badarwada, a former ICAR governing body member, has alleged that the data was deliberately deleted, potentially linked to recruitment irregularities. He has called for a thorough review of all ASRB recruitments since 2014.
The purpose of a backup server, like the one in Hyderabad, is to protect data in case the main server is compromised. The fact that the Hyderabad server was also wiped out after the Delhi server breach is particularly concerning. It raises questions about why this crucial backup failed to protect the data.
Om Prakash, editor of Kisan Tak, a publication focused on agriculture, highlighted the lack of transparency and accountability. He questioned how such sensitive data could disappear, why no FIR was filed, and who is responsible for this massive breach.
The investigation committee formed in July consists of only internal ICAR officials. Critics argue that it lacks external IT and cybersecurity experts, which is essential for a thorough probe into a data breach.
While ICAR has not officially confirmed the cause as a cyberattack, the circumstances surrounding the event are fueling speculation. The delayed response, the dual server wipeout, and the nature of the lost data have led stakeholders to question whether this was due to negligence, a cyberattack, or a deliberate attempt to conceal information, possibly related to recruitment processes. The agricultural science community is awaiting clear answers and stronger data protection measures to prevent future incidents.