What happened
On 11 May 2026, a configuration error during WhatsApp bulk message sending caused approximately 150-200 registered attendees of India Electronics Week 2026 to receive an incorrect badge download link, one intended for a different registrant. This was an automation error, not a security breach or an unauthorised external intrusion.
What data was potentially exposed
The badge download links contained registrant information submitted at the time of event registration, typically name, organisation, job title, email and phone number. No payment information, government-issued ID, or passwords were accessible via these links.
What we did
The error was identified promptly during an internal test within 60 minutes of the campaign being sent on 11 May 2026.
All incorrectly assigned sign-in links were deactivated immediately.
The badge portal was fully restored an hour later, and all registrants were able to download their correct badges by logging in at the portal using their own credentials.
How many people were affected
Approximately 150-200 registrants received an incorrect link.
Your rights under DPDPA
Under the Digital Personal Data Protection Act, 2023, you have the right to:
- Request information about what personal data we hold about you: write to privacy@efy.in with the subject line “DPDPA Data Request.”
- Request deletion of your personal data from our systems: write to the same address with the subject line “DPDPA Deletion Request.” We will process your request within the timelines prescribed under applicable law.
- Withdraw consent for future communications using the Unsubscribe link in any email we send you.
Recurrence prevention
We have revised our bulk messaging configuration process to include a validation step that verifies link-to-recipient mapping before dispatch. We are conducting a full review of all automated communication workflows.