Sensitive citizen data illegally transmitted by TDP Govt, says Andhra Assembly panel

The panel constituted in March 2022 to investigate whether Pegasus spyware was used by the Chandrababu Naidu government has submitted an interim report in the Andhra Pradesh legislative Assembly.

A House Committee that was formed by the Andhra Pradesh Legislative Assembly has concluded that a large volume of data from the state’s servers were transmitted to unknown external sources during the Chandrababu Naidu government’s regime.

The Committee, headed by Tirupati MLA Bhumana Karunakar Reddy, in its report said “there was unauthorised and improper transmission of large amounts of sensitive data from the State Data Centre (SDC) to unknown external servers from November 30, 2018 to March 31, 2019.”

Presenting the report in the Legislative Assembly on Tuesday, Karunakar Reddy said the committee found that a large volume of data had been transferred from 18 State Data Centre (SDC) servers to several unknown external IP addresses and that the reason for this data transfer was unknown.

“The data was sent to TDP leaders who used it to make unlawful gains during the elections held in 2019. The TDP leaders have misused the data. There was large-scale deletion of voters’ names before the election,” Karunakar Reddy told the Assembly. The statement evoked angry reactions from the TDP members who demanded a copy of the complete report. The house committee only tabled two copies of the report in the Assembly.      

The State Data Centre (SDC) is where the state government’s servers and network devices are stored. As part of the Praja Sadhikara Survey (smart pulse survey) organised in 2016, the previous government had collected individual details from all citizens. The Naidu government had said that the data was to ensure that government schemes would reach the beneficiaries. Details collected included aadhar card, ration card, voter ID, property tax, electricity bill, driving licence, vehicle registration details, gas connection details, bank account details, water bill details, caste certificate, income certificate, birth certificate etc. It is this data that was stored in SDC and later transferred to external servers, concluded the committee.