Aadhaar Data Breach: UIDAI, BJP Deny Report; Portal Still Down
Image used for representational purposes.
Image used for representational purposes.(Photo: Altered by The Quint)

Aadhaar Data Breach: UIDAI, BJP Deny Report; Portal Still Down

The Unique Identification Authority of India (UIDAI) has denied The Tribune report which revealed a racket in Jalandhar, via which a journalist was able to gain access to the Aadhaar database of a billion Indians for just Rs 500.

“There has not been any data breach and that the data is fully safe and secure”, the board said while calling The Tribune story a "case of misreporting.”

The Aadhaar data including biometric information is fully safe and secure. UIDAI maintains complete log and traceability of the facility and any misuse can be traced and appropriate action taken. Legal action including lodging of FIR against the persons involved in the present case being done.
UIDAI statement

The Aadhaar-issuing body said it has given the "search facility" for grievance redressal to designated personnel and state government officials to help residents, that too only upon entering their Aadhaar number.

At the same time, UIDAI said Aadhaar number is not a secret number, and is to be shared with authorised agencies whenever an Aadhaar holder wants to avail a service or benefit of government welfare schemes.

Also, mere availability of Aadhaar number will not be a security threat or will not lead to financial/other fraud, as for a successful authentication, fingerprint or iris scan of individual is also required...Claims of bypassing or duping the Aadhaar enrollment system are totally unfounded

The UIDAI portal, which can only be accessed by admins of the Aadhaar database, is currently down following reports of the data breach on the portal. Typing the URL portal.uidai.gov.in on your browser returns the message — ‘This site can’t be reached’.

The report by The Tribune journalist Rachna Khaira says that after paying Rs 500 via Paytm to an ‘agent’, the group running the racket created a gateway for her within 10 minutes. Rachna then got a login ID and password for the Aadhaar portal which is only supposed to be accessed by admins.

After entering the portal, the correspondent was able to access all details of any individual just by entering their Aadhaar number. The details that could be accessed included name, address, postal code (PIN), photo, phone number and email of the Aadhaar card holder.

Sanjay Jindal, Additional Director-General, UIDAI Regional Centre, Chandigarh, accepted the huge security lapse and told The Tribune, “Except the Director-General and I, no third person in Punjab should have a login access to our official portal.”

Hence, any third person having such access is not only illegal, but ‘a major national security breach.’

"Some persons have misused demographic search facility, given to designated officials to help residents who have lost Aadhaar/Enrollment slip to retrieve their details," the UIDAI said in its clarification reiterating that there was no breach.

Mere availability of Aadhaar number will not be a security threat or will not lead to financial/other fraud, as for a successful authentication fingerprint or iris of induvidual is also required. 
UIDAI
The Tribune report also said that for an additional Rs 300, the agent provided them a ‘software’ that facilitated the printing of any Aadhaar card once you input the Aadhaar number.

Investigations by the English daily revealed that the racket is six months old and was started as a WhatsApp group. The group targeted operators of Common Service Centres Scheme (CSCS), offering them access to UIDAI data.

CSCS operators were initially assigned the task of making Aadhaar cards, but in November last year the service was restricted to post offices and designated banks.

New Delhi-based Gopal Krishan, who is convenor of the Citizens Forum for Civil Liberties, told The Tribune that the leakage means Aadhaar has "failed the privacy test... proposed data protection law will now hold no purpose as the data has already been breached."

On 20 November 2017, UIDAI had said in a statement, “The Aadhaar data is fully safe and secure and there has been no data leak or breach at UIDAI.”

Also Read: If Your Aadhaar Data Has Been Hacked, You Might Never Find Out

BJP Calls Breach “Fake News”

The BJP called The Tribune report “fake news”, stating that the data was secure with world-class technology.

UIDAI Faces Massive Flak

The UIDAI might have taken down the portal via which the massive ‘national security breach’ happened, but this did not stop the citizens from addressing their anger.

The exposé also led to people starting few online petitions asking the government to scrap Aadhaar.

(Breathe In, Breathe Out: Are you finding it tough to breathe polluted air? Join hands with FIT in partnership with #MyRightToBreathe to find a solution to pollution. Send in your suggestions to fit@thequint.com or WhatsApp @ +919999008335)