The Bombay High Court has intervened to prevent the disclosure of allegedly hacked sensitive information pertaining to children enrolled in several schools in Mumbai and abroad. The court described the situation as “most disturbing” and issued an interim order restraining a group and unknown individuals from making any public or private disclosure of the compromised data.
Urgent Plea by Trust and Corporate Entity
A charitable trust and a corporate entity that runs schools approached the High Court seeking urgent relief. They reported receiving a ransom demand of $750,000 from alleged hackers, who threatened to make the confidential information public. The threat escalated when an email was sent to a parent on June 10, revealing highly confidential details about certain students.
Justice Arif Doctor's Observations
In his June 12 order, Justice Arif Doctor emphasized the potential harm of such disclosures. “The disclosure of such highly sensitive and confidential information, particularly with regard to the mental health issues of the children, could indeed have grave and deleterious effects, in particular on the children themselves,” he stated.
The court accepted the plea for an ex-parte order after hearing senior counsel Birendra Saraf, who argued that notifying the other side at this stage would defeat the purpose of seeking urgent relief. Saraf highlighted that the two entities operate numerous educational institutions with thousands of enrolled children, and their databases containing confidential information had been compromised in a hacking incident.
Nature of Compromised Information
Saraf detailed that the hacked data included not only children’s movement details, such as travel routes to school, but also medical conditions, including mental health issues. The court was also informed that the ransom email was sent by someone identifying as a “cybercriminal,” outlining a stage-wise plan to enforce the threat.
Further, the High Court noted that the compromised information extended to parents’ vocation, income, and other personal details. “Such information, if made public, could also potentially pose a grave risk to the safety of the children,” the court remarked.
Court Directives and Next Steps
The High Court directed Google to block the email IDs used by the alleged hackers. It also sought details of the compromised information, with Saraf undertaking to file an affidavit to bring the specifics on record. The matter has been posted for further hearing and orders on July 1.
