Tale of Two Data Breaches: How Facebook & UIDAI Handled The Leaks
Privacy has been breached and user data leaked. That’s the common element here to two large data breaches – one being Facebook’s user data being bought and used by Cambridge Analytica for political mileage, and the other was access to the personal data of over 1 billion Indians for just Rs 500 in a January Aadhaar database leak.
The salient point here is how both these entities have reacted to their respective data being leaked. Facebook, although silent for a couple of days, came out and acknowledged the issue. But Facebook CEO Mark Zuckerberg stopped short of actually apologising for the data leak. (He did not use the words ‘sorry’ or ‘apologise’ in a long post he wrote on his Facebook page acknowledging the incident and the steps being taken to fix privacy issues.)
UIDAI, on the other hand, went into denial right off the bat after the 4 January 2018 report by The Tribune about how access to Aadhaar data of a billion Indians was easily available to anyone for as little as Rs 500.
There was no apology of any sort from UIDAI, but instead a message of denial sent out in a statement by its CEO, as well as a series of tweets from the organisation reiterating that there was no breach of ‘biometric data’.
Even as it denied any kind of data breach, UIDAI did acknowledge that there was some access to “demographic information, which could not be misused without biometrics.” And then, while it did initiate steps of trying to fix the issue by first removing access to the website through which the breach happened – it also went on the offensive by filing an FIR against the reporter who broke the story! A clear case of ‘shoot the messenger’.
That’s not all. The same gameplan appears to continue in the way India deals with so-called breaches – deny it and obliterate any traces of a breach happening.
For instance, in the Facebook fiasco, a partner company of Cambridge Analytica that did business in India for political gain, Ovleno Business Intelligence, has had its website taken down after it displayed the names of its clients, which included the BJP, Congress and JDU, besides ICICI Bank and Airtel. No official statement has been issued about this yet.
Isn’t it time somebody said sorry? Facebook? UIDAI? Come on, you owe it to us!
Video Editor: Rahul Sanpui
(The Quint has given up the use of plastic plates and spoons. This Earth Hour, what will you #GiveUp to save the planet? Use the hashtag #GiveUp and tag @TheQuint to tell us.)