Abhinav Shrivastava, an IIT graduate who is currently working at Ola, has been arrested by the Bengaluru police for illegally accessing the Aadhaar database.
A complaint filed by the UIDAI on 26 July alleges that Shrivastava accessed the database “without authorisation between 1 January and 26 July”, reports The Indian Express.
Shrivastava and a batch mate had founded a startup called Qarth Technologies in 2016 and had developed an app called ‘Aadhaar eKYC’ that would allow users to verify Aadhaar numbers. This startup was later acquired by Ola. The app was available on the Google Play Store and had at least 50,000 users. The app has since been pulled down.
The police cybercrime unit claims that Shrivastava hacked into servers related to the e-Hospital system created under the Digital India initiative. The app would then illegally route verification requests to the Aadhaar database through these servers.
The e-Hospital app is authorised to access Aadhaar data and is a health information management system that handles patient records and provides other related services.
The Hindu reports that the e-Hospital company was unaware of Shrivastava’s activities. The breach was discovered when the UIDAI was conducting an audit of its authentication systems.
Before being acquired by Ola, Qarth technologies developed a total of five mobile apps. These are currently being inspected for violations as well. Ola acquired Qarth to make use of an e-wallet service called X-Pay. The police are now trying to determine if Shrivastava’s illegal app was used “in any form by Ola”, adds the report in The Hindu.