PSEB Exposed Personal and Private Data of Thousands of Students

Pakistan Software Export Board (PSEB) and ICT R&D’s recently launched Prime Minister’s ICT Internship Program. While there were positive intentions behind the program, a slight omission in PSEB’s implementation has now put the security and privacy of thousands of interns and graduates across the country at risk. The program is being misused and is a potential scam threat.

A tool is only as good or bad as its user. This notion accurately defines what is currently happening with the Prime Minister’s ICT Internship Program.

The Proposed Project

Prime Minister’s ICT Internship Program aims to help thousands of young graduates in securing internships for hands on experience in their fields while also providing financial relief.

According to PSEB, the purpose of the program is to “keep them (graduates) engaged and interested in acquiring additional knowledge and real work life experiences, thereby facilitating their improved employability in the country.”

These students or graduates are supposed to be placed at IT companies, departments in the telecom sector, banks and other similar tech-centric companies and software houses. Selected IT graduates get Rs. 15,000 from the government.

The program requires IT companies, registered with the PSEB, to hire interns for a period of 6 months.

The aim behind the project is to train young graduates so that they can become accustomed with the professional requirements and start their careers. Interns are also supposed to receive training through ICT R&D workshops.

Internship Application Procedure

A few months ago, the program was launched and PSEB started receiving applications from young graduates who had completed their qualifications after 2013. Literally, hundreds of thousands of graduates were eligible to apply for the internships, which were later shortlisted.

All of the data of these candidates is handed over to IT companies who have registered with the PSEB through its web portal. The companies can then select appropriate candidates following their own selection process and demands.

Misuse of the Program

In theory, there is nothing wrong with the ICT internship program. However, lack of control and mismanagement has led to the misuse of PSEB’s portal as it exposes the data of all applicants to literally anyone.

Companies (or let me say anyone) can register themselves — without any check or balance, i.e. even individuals can register — with the PSEB through the website. Once done, they can access all of the CVs and contact information of the registered candidates.

Due to the lack of strict management, anyone can register, access people’s private info and even send fake messages by citing the internship application from the candidates.

The applicants can be called anywhere for an ‘interview’, be requested to send out application processing fees to the companies and students can even be scammed through other means.

Potential Repercussions

Since the candidates receive offers on their phones and email addresses they have shared with the PSEB, one wouldn’t expect that the board’s web portal could be misused. In reality, anyone can abuse this loophole and loot or scam thousands of students.

Not only is this a financial and security risk for the applicants, it is immensely demoralizing for them to be called to “interviews” which never take place, are scams or when the companies simply refuse to process applications after calling them from remote areas of the country.

Some might consider this to be the exact opposite of PSEB’s objective to “keep them (students) engaged and interested in acquiring additional knowledge”.

Moreover, most small-scale companies simply don’t have the space to accommodate hundreds or thousands of students for interviews. This is like making people run from pillar to post and all for nothing.

Possible Solution

To solve this potentially dangerous problem – which has been misused by several companies until now – the PSEB needs to implement a thorough registration procedure which can validate a company’s authenticity and it has the ability to actually hire interns.

The board also needs to moderate messages from the companies and ensure that whatever the companies are communicating to the students causes no issues. As a security measure, it needs to make sure that the companies do not communicate with the graduates through other channels. Instead, it should use its own sanctioned communication mediums to forward company requirements to the applicants.

Update

PSEB has said that issue has been fixed now.

He is the Editor at ProPakistani.


  • Muhammad Ali Pasha

    The loophole is fixed now, there is no danger to student’s personal and private data being exposed.

  • Steve Johnson

    What’s the point of being fixed? A latest hack of HEC data has leaked thousands of students Data by an indian hacker group.

    with usernames, passwords, email addresses, mobile numbers. Our personal information is at the mercy of cheap security employed by the government.

    • Hired through special processes, you know what I mean :-)

  • G.j. Raza

    The security and design of these websites is below pathetic… look at pm internship program, looks like developer ne jaan churai ha

    • All govt websites are same like that. They are build so poorly and without care, that with simple URL change you can end up in admin panels. Believe me what I am talking about.

  • IM

    @aadil And is it ok to put someone’s photo on your blog without their permission?

  • Shahzad Shafi

    It’s alarming & SHOCKING