What Happened
In February 2026, Andhra University (Visakhapatnam) experienced a significant data breach in which approximately 46,160 records containing sensitive student and staff information were allegedly exfiltrated and published on a dark web cybercrime forum. The compromised data included academic identifiers (student IDs, enrollment numbers, program names), personally identifiable information (full names, dates of birth, father’s names), contact metadata (phone numbers and email addresses), biometric assets (student photographs and digital signatures), and physical addresses. The breach reportedly originated from the Edusphere Platform, a technology partner providing digital services to the university, with investigators pointing to an expired SSL certificate on edusphere.in as a potential vulnerability that may have facilitated unauthorized access. Security experts warned that the exposed data could be weaponized for phishing scams, identity theft, financial fraud, biometric forgery, and targeted harassment, particularly given the inclusion of sensitive biometric assets and personal contact information.
