The Unique Identification Authority of India (UIDAI) denied a media report published in The Tribune which revealed a racket in Jalandhar who provides access to Aadhaar database of more than a billion Indians for just Rs 500.
The UIDAI assured that there has not been any Aadhaar data breach. The Aadhaar data including biometric information is fully safe and secure.
The report titled “Rs 500, 10 minutes, and you have access to billion Aadhaar details” by The Tribune journalist Rachna Khaira says that after paying Rs 500 via Paytm to an ‘agent’, the group running the racket created a gateway for her within 10 minutes. Rachna then got a login ID and password for the Aadhaar portal which is only supposed to be accessed by admins.
After entering the portal, the reporter was able to access details of any individual just by entering their Aadhaar number. The details that could be accessed included name, address, postal code (PIN), photo, phone number and email of the Aadhaar card holder.
Sanjay Jindal, Additional Director-General, UIDAI Regional Centre, Chandigarh, accepting that this was a lapse, told The Tribune: “Except the Director-General and I, no third person in Punjab should have a login access to our official portal. Anyone else having access is illegal, and is a major national security breach.”
The English daily investigation also revealed that the racket is six months old and was started as a WhatsApp group. The group targeted operators of Common Service Centres Scheme (CSCS), offering them access to UIDAI data.
CSCS operators were initially assigned the task of making Aadhaar cards, but in November last year the service was restricted to post offices and designated banks.
In a statement issued on Thursday, the UIDAI said that UIDAI has given the search facility for the purpose of grievance redressal to the designated personnel and state government officials to help residents only by entering their Aadhaar number/EID.
The UIDAI maintains complete log and traceability of the facility and any misuse can be traced and appropriate action taken.
The reported case appears to be an instance of misuse of the grievance redressal search facility. As UIDAI maintains a complete log and traceability of the facility, the legal action including lodging of FIR against the persons involved in the instant case is being done.
The UIDAI reiterates that the grievance redressal search facility gives only limited access to the name and other details and has no access to biometric details. UIDAI reassures that there has not been any data breach of the biometric database which remains fully safe and secure with the highest encryption at UIDAI and a mere display of demographic information cannot be misused without biometrics.
The government’s unfettered access to citizen’s biometric details has already been in the centre of much debate in the civil society.