News

Alleged breach compromises a billion Aadhaar accounts; govt in denial mode

A recent revelation exposes the vulnerability of Aadhaar data and the ease in accessing information for a mere Rs 500.

The nation went into a tizzy within hours of a Tribune correspondent revealing how Aadhaar data on the Unique Identification Authority of India (UIDAI) database was being accessed by unauthorized agents and the absolute lack of security measures to guard citizen information.

Although the additional director-general of UIDAI accepted that it was a “major national security breach”, UIDAI’s official Twitter handle denied any data breach and rubbished it as a case of “misreporting”.

Decoding the modus operandi

The Tribune, upon contacting an agent of the group running the racket on WhatsApp, was given a login ID and password after a gateway was created to access the UIDAI database.

All they had to do was to shell out Rs 500 through Paytm, and within 10 minutes had access to the names, addresses, postal codes, phone numbers, email IDs, and photographs of 1.2 billion Aadhaar accounts.

And it doesn’t stop here. For an additional Rs 300, the agent also gave them a software that could print the Aadhaar card using an individual’s Aadhaar number.

Furthermore, the investigation brought to light that the racket might have been around for six months now. The racketeers targeted close to three lakh village-level enterprise operators appointed by the Ministry of Electronics and Information Technology, under the Common Service Centres Scheme (CSCS).  

In the absence of stringent guidelines, close to one lakh village-level enterprises illegally accessed the UIDAI database for confidential Aadhaar information.

Despite widespread outrage, Indian government continues to be in denial mode

In the wake of this revelation, social media came alive as people expressed shock and disappointment in UIDAI being unable to protect the Aadhaar data.

 

Former CIA employee and controversial whistleblower Edward Snowden, addressed the breach, saying it was a “natural tendency” for any government to seek the perfect records of private lives.

 

The latest breach comes as a shocker and could further dilute citizen’s trust in the government’s ability to protect critical data.

Ironically, the government, in several public announcements, emphasized the need for a robust information security protocol and the necessity to penalize offenders.

As a matter of fact, at CIO 100 2017, Arvind Gupta, head of Digital India Foundation, stated that the Government of India is exploring how artificial intelligence can be used to integrate bots with Aadhaar.

Sounds fantastic, but perhaps it would serve us well if the government got the basics right before attempting to rope in cutting edge tech.