India’s state-owned National Logistics Portal-Marine has successfully resolved security issues that had left sensitive personal information and trade records vulnerable to unauthorized access.
On September 25, Diachenko shared a screenshot on X (formerly Twitter) that displayed one of the exposed files with redacted sensitive information. Subsequently, he was contacted by the Indian Computer Emergency Response Team (CERT-In) and AWS’s security team to gain a better understanding of the incident. TechCrunch also notified CERT-In about the situation upon receiving details from the researcher. CERT-In acknowledged the receipt of the communication and confirmed the fix on Friday.
CERT-In stated, “With respect to the trailing email, the concerned organization has confirmed that the vulnerability is mitigated.”
Both the ports, shipping, and waterways ministry and the company responsible for the portal, Portall (a subsidiary of India’s business conglomerate JM Baxi), did not respond to multiple requests for comments before the publication of this news.
The National Logistics Portal-Marine was launched by the ports, shipping, and waterways ministry in January this year to serve as a ‘single window’ for all logistics trade processes, covering transportation modes in waterways, roadways, and airways. It also features an online marketplace for end-to-end logistics services.
This data exposure incident comes shortly after India enacted the Digital Personal Data Protection Act, 2023, a privacy law that outlines guidelines for private companies’ use of personal data. Notably, the Indian government is exempt from certain legal obligations under this law.