Aadhaar data breach: UIDAI refutes media reports, says biometric information safe and secure, no leakage occurred

Unique Identification Authority of India (UIDAI) on Thursday denied breach or leak of Aadhaar data after a newspaper reported it bought unrestricted access to the details of over one billion Aadhaar numbers -- for just Rs 500

IANS January 04, 2018 15:53:43 IST
Aadhaar data breach: UIDAI refutes media reports, says biometric information safe and secure, no leakage occurred

New Delhi: Unique Identification Authority of India (UIDAI) on Thursday denied breach or leak of Aadhaar data after a newspaper reported it bought unrestricted access to the details of over one billion Aadhaar numbers -- for just Rs 500.

"The Aadhaar data, including biometric information, is fully safe and secure," the authority said in a statement, calling the report in The Tribune "a case of misreporting".

"UIDAI assures that there has not been any Aadhaar data breach," the statement said, adding that the data was secure with a "robust uncompromised security".

The authority said it had given search facility for the purpose of grievance redressal to designated personnel and state government officials to help residents only by entering their 12-digit Aadhaar numbers.

The grievance redressal search facility, the statement said, "gives only limited access to name and other details and has no access to biometric details".

Aadhaar data breach UIDAI refutes media reports says biometric information safe and secure no leakage occurred

Representational image. News18

It said the authority maintains complete log and traceability of its search facility and any misuse was traceable.

"The reported case appears to be instance of misuse of the grievance redressal search facility. As UIDAI maintains complete log and traceability of the facility, the legal action including lodging of FIR against the persons involved in the instant case is being done."

The Aadhaar database "remains fully safe and secure with highest encryption at UIDAI and mere display of demographic information cannot be misused without biometrics".

It said 12-digit ID number was not secret and had to be shared with authorized agencies whenever an Aadhaar holder wishes to avail certain service or benefit of government welfare schemes.

"That does not mean that the proper use of Aadhaar number poses a security or financial threat. Also, mere availability of Aadhaar number will not be a security threat (and) will not lead to financial (or) other fraud, as for a successful authentication fingerprint or iris of individual is also required.

"Claims of bypassing or duping the Aadhaar enrolment system are totally unfounded. The UIDAI Data Centres are infrastructure of critical importance and is protected accordingly with high technology conforming to the best standards of security and also by legal provisions."

The Tribune report, which was widely shared on social media sites, claimed that it took just Rs 500 and 10 minutes for the newspaper to get an access through an "agent" to every detail of any individual submitted to the UIDAI, including name, address, postal code (PIN), photo, phone number and email.

The newspaper said it paid another Rs 300, for which the "agent" provided "software" to facilitate the printing of the Aadhaar card after entering the Aadhaar number of any individual.

The Tribune also claimed to have found in its investigation that the racket may have started around six months ago when some anonymous groups were created on WhatsApp.

These groups targeted over three lakh village-level enterprise operators hired by the Ministry of Electronics and Information Technology (ME&IT) under the Common Service Centres Scheme (CSCS) across India, offering them access to UIDAI data.

CSCS operators were initially entrusted with the task of making Aadhaar cards across the country but were withdrawn later. The service was restricted to post offices and designated banks to avoid any security breach in November last year.

Updated Date:

Subscribe to Moneycontrol Pro at ₹499 for the first year. Use code PRO499. Limited period offer. *T&C apply

also read

Illegal agencies and operators will be blacklisted and get punishment for up to 3 years: UIDAI Chief
News & Analysis

Illegal agencies and operators will be blacklisted and get punishment for up to 3 years: UIDAI Chief

Pandey explained that the UIDAI first blacklists the operator and then prosecutes it by the Aadhaar Act.

Jharkhand govt website exposes Aadhaar numbers of over 100,000 employees
News & Analysis

Jharkhand govt website exposes Aadhaar numbers of over 100,000 employees

This is yet another case of government agencies using Aadhaar as a verification system, and not taking enough measures to secure the database online

Aadhaar security breaches: Here are the major untoward incidents that have happened with Aadhaar and what was actually affected
News & Analysis

Aadhaar security breaches: Here are the major untoward incidents that have happened with Aadhaar and what was actually affected

Despite the number of reports over the last couple of years, UIDAI has maintained that the Aadhaar server and the biometric data is safe.