In an era where digital platforms are integral to educational processes, the security of personal data has become paramount. A recent incident involving the Karnataka Examinations Authority (KEA) has brought this issue to the forefront. A fraudulent website, mimicking the official KEA portal, was discovered collecting personal information from unsuspecting students. This event not only highlights the vulnerabilities in our digital infrastructure but also underscores the importance of robust data protection mechanisms, such as those proposed in India’s Digital Personal Data Protection Act (DPDPA) of 2023.
In May 2025, the KEA identified a counterfeit website, k-cet.org, designed to resemble its official portal. This fraudulent site appeared prominently in search engine results for ‘KEA home’ and solicited personal details from students, including names, contact numbers, emails, and course preferences. Upon submission, users received a generic “success” message, giving the illusion of a legitimate process. Further investigation revealed that the fake website extended its deception by inviting registrants to a counterfeit NEET counseling session at Bangalore Medical College. This tactic aimed to lend credibility to the scam and extract more information from students.
Upon discovering the activity, the KEA promptly filed a complaint with the Malleswaram police station. An investigation under the Information Technology Act was initiated to identify and apprehend the individuals behind the scam. The KEA also issued public advisories, emphasising that their official website is cetonline.karnataka.gov.in/kea and cautioning students and parents against sharing personal information on unverified platforms.
Implications Under the Digital Personal Data Protection Act, 2023
The Digital Personal Data Protection Act (DPDPA) of 2023 aims to provide a comprehensive framework for the processing of digital personal data in India. While the Act is not yet in force, it outlines significant obligations for data fiduciaries and rights for data principals.
Key Provisions Relevant to the Incident:
- Obligations of Data Fiduciaries: Entities processing personal data must implement appropriate technical and organisational measures to ensure data security and prevent breaches.
- Data Breach Notification: In the event of a personal data breach, data fiduciaries are required to inform the Data Protection Board and affected individuals promptly.
- Penalties for Non-Compliance: The Act prescribes hefty fines for various contraventions, including up to ₹250 crore for failure to implement security safeguards and up to ₹200 crore for failure to notify data breaches.
In the context of the KEA incident, the fraudulent website operators, if identified, could be held accountable under the DPDPA for unauthorised data collection and processing. Additionally, the incident underscores the need for institutions like KEA to bolster their cybersecurity measures to prevent such occurrences.
This incident is not isolated; it reflects a growing trend of cyber threats targeting educational institutions. The reliance on digital platforms for admissions and counselling processes makes students vulnerable to such scams.
Conclusion
The KEA fake website incident serves as a stark reminder of the vulnerabilities in our digital infrastructure, especially in the education sector. It highlights the urgent need for robust data protection laws and proactive measures by institutions to safeguard personal information.
Ensure your institution is prepared against data breaches and digital impersonation. Learn how to build trust and stay compliant with India’s evolving data protection landscape at www.tsaaro.com.
News of the week
1. Privacy-Aware Intelligence: Balancing Data Utility and Privacy
Privacy-Aware Intelligence is all about finding the sweet spot between using data effectively and protecting people’s privacy. Instead of relying on traditional methods that collect and store sensitive data in one place, new approaches like federated learning allow AI to learn from decentralised data without ever seeing raw personal information. Meanwhile, differential privacy adds an extra layer of protection by injecting randomness into datasets, making it nearly impossible to trace data back to individuals.
Privacy-Aware Intelligence: Innovating Data Analysis with Protection at its Core – IBTimes India
2. Apple Backs Kids Online Safety Act as Congress Pushes for Stronger Child Protections
Apple has stepped forward to support the Kids Online Safety Act (KOSA), a bill focused on making the internet safer for kids. First introduced in 2022 and passed by the Senate in 2024, KOSA aims to make social media platforms protect young users better by enforcing stricter default privacy settings and giving kids more control over addictive features. The bill also requires platforms to take steps to reduce risks like self-harm and exploitation. Apple’s support highlights its ongoing commitment to protecting children online, especially following its recent proposals to improve privacy for young users.
While KOSA enjoys bipartisan backing in the Senate, it still faces hurdles in the House due to concerns about free speech and potential overreach. Big tech companies like Meta and Google worry the bill could lead to censorship. With Congress gearing up for debate, Apple’s endorsement could sway other companies and help push the bill forward. If passed, KOSA would mark a major step in balancing technology, privacy, and child safety in the digital age.
https://www.washingtonpost.com/politics/2025/05/15/kosa-kids-online-safety-act-apple
3. Urgent Chrome Update: Fixes Critical Security Flaw
Google just rolled out an important update for Chrome after discovering a serious zero-day vulnerability that could let hackers take control of your device. If you use Chrome, it’s crucial to update your browser and restart it immediately to stay safe. This patch tackles a security hole that cybercriminals are already trying to exploit, so don’t delay in protecting your data and devices by installing the latest version as soon as possible
4. Illinois Takes a Stand: Blocking Federal Access to Autism Data Without Consent
Illinois Governor JB Pritzker has signed an executive order that stops the federal government from accessing personal autism-related health information without explicit consent. This move underscores Illinois’s commitment to safeguarding individual privacy and ensuring that sensitive health data isn’t shared without permission. It’s a meaningful step toward giving people more control over their personal information, especially in areas as sensitive as health.
https://www.theguardian.com/us-news/2025/may/12/illinois-jb-pritzker-trump-autism-data
