130 mn Aadhaar numbers were not leaked, they were treated as publicly shareable data: CIS

The Center for Internet and Society has carefully documented the public availability of 130 million Aadhaar numbers, along with other sensitive private information. The sources of the leaks were four government run schemes. The leaks originate from the National Social Assistance Programme by the Ministry of Rural Development, the National Rural Employment Guarantee Act (NREGA), also by the Ministry of Rural Development, Daily Online Payment Reports under NREGA by the government of Andhra Pradesh and the Chandranna Bima Scheme, also by the government of Andhra Pradesh.

Since the discovery of the leaks, some of the content in the databases have been partially masked. The masking may be a result of reports of databases with Aadhaar numbers available after simple queries on search engines such as Google. However, there is no indication of who has already had access to the databases, and it is difficult to estimate the impact of such access. Additionally, there is no indication that the databases have been purged, and are not vulnerable to cyber attacks.

The report notes that despite multiple reports of Aadhaar data leaks, these are not actually leaks in the sense that confidential data available in controlled access has been made public. These are instances where the personal, private data of individuals has not been treated as confidential in the first place, and in fact, the government agencies in question have actually taken efforts to publish them publicly. The issue here is that this is not some kind of cyber wrangling by malicious actors that has made available the data, but instead the Aadhaar numbers and other personal information has been treated as publicly shareable data by the custodians.

The full report can be read below

Information Security Practices of Aadhaar (or lack thereof) by Firstpost on Scribd

Published Date: May 03, 2017 10:12 am | Updated Date: May 03, 2017 10:12 am