In response to the recent controversy over the alleged Aadhaar data breach, that was exposed by The Tribune on 4 January, the Unique Identification Authority of India (UIDAI) and the BJP have both denied the charges, saying that the personal data of over a billion Indians are perfectly safe.
“There has not been any data breach and that the data is fully safe and secure,” the UIDAI said while calling The Tribune story a "case of misreporting.”
However, this isn’t the first time that reports of an ‘Aadhaar breach’ have come to the surface. Since the implementation of the Aadhaar system, the UIDAI have reported and sought action against several persons, firms and organisations misusing information from the Aadhaar database, and have often filed multiple FIRs against the relevant offenders as well.
1. FIR Against 3 Firms for Illegal Use of Aadhaar Biometrics
On 15 February 2017, the UIDAI had lodged a complaint with the Delhi Police Cyber Cell against three firms: Axis Bank Limited, its business correspondent Suvidha Infoserve, and digital signature provider Bengaluru-based eMudhra, for having illegally stored biometric data and having performed unauthorised Aadhaar authentication, reports Scroll.
According to Times of India, the UIDAI had lodged the complaint after detecting an exact biometric match in multiple consecutive transactions, which they said was impossible without the biometrics being stored and their unauthorised use.
The report mentions that the UIDAI soon noticed that one person seemed to be performing 397 biometric transactions between 14 July 2016 and 19 February 2017, out of which 194 transactions were reportedly performed through Axis Bank, 112 through eMudhra and 91 through Suvidha Infoserve.
This, said UIDAI, was a direct violation of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits, and Services) Act of 2016, where the law does not allow the storage of biometric data.
2. Criminal Case Against Unknown Persons for Alleged Misuse of Data
The UIDAI, in March last year, registered a criminal case against unknown persons, when it found that biometric details of individuals were being stored illegally and used for carrying out transactions which were unauthorised, reports Business Standard.
As per the report, the UIDAI had then said: “Certain persons in clear violation of the provisions of the Aadhaar Act, 2016, the IT Act and other provisions of various laws in force have tried to do unauthorised authentication, impersonation and have indulged in spreading false rumours regarding the Aadhaar ecosystem.”
As per their investigations, Business Standard reports that the UIDAI had mentioned a video in their report, which shows a lady performing authentication under the guise of a Gaurav Vasant Nikam.
3. FIR Against the Co-Founder of Qarth Technologies Pvt Ltd
In July 2017, the UIDAI lodged a complaint with the Bengaluru police against Abhinav Srivastava, the co-founder of a mobile payment startup Qarth Technologies, for data misuse from the Aadhaar website, reports The Hindu.
According to the FIR lodged by Ashok Lenin, the Deputy Director of UIDAI, Bengaluru, Srivastava had allegedly created a mobile app and had been giving out e-kyc, misusing data from the Aadhaar website without requesting permission from the UIDAI.
Srivastava was booked under Section 29(2) of Aadhaar (targeted delivery of financial and other subsidies, benefits and services) Act 2016; Sections 65 and 66 of the Information Technology Act for tampering with computer source documents and hacking with computer systems; Sections 468 and 471 of IPC for forgery and Section 120(b) for conspiracy, reports The Hindu.
4. UIDAI Suspends e-KYC Licence for Airtel, Airtel Payments Bank
The UIDAI in December, 2017 had temporarily suspended the e-KYC licence for Bharti Airtel and Airtel Payments Bank, due to allegations of the company using the service to open payments bank accounts of its subscribers, without their ‘informed consent’, reports The Hindu.
For Airtel, this meant that the service provider could not carry out their ‘electronic-verification’ or link the SIMs of its customers with their 12-digit biometric national ID Aadhaar through a process as efficient as the e-KYC.
As a result of the suspension, the Airtel Payments Bank would now not be able to open a new account with Aadhaar e-KYC, the report adds.
5. UIDAI Files FIRs Against 8 Unauthorised Aadhaar Websites
In April last year, several unauthorised websites were reported as promising Aadhaar-related services to people and illegally collecting their Aadhaar number and enrollment details as well.
The UIDAI thus filed FIRs against eight of these websites, which were reportedly calling themselves: aadhaarupdate.com, aadhaarindia.com, pvcaadhaar.in, aadhaarprinters.com, geteaadhaar.com, downloadaadhaarcard.in, aadharcopy.in, and duplicateaadharcard.com.
The UIDAI said that the websites had violated several sections of the Information Technology Act 2000, Section 38 of Aadhaar Act 2016, and Section 409 (Criminal breach of trust) and Section 420 (cheating) of IPC.
For crimes committed under this section, the punishment holds imprisonment of upto three years and fine not less than Rs 10 lakh.
(With inputs from Times of India, The Hindu and Business Standard)
(At The Quint, we are answerable only to our audience. Play an active role in shaping our journalism by becoming a member. Because the truth is worth it.)