A newspaper sting uncovered a security breach in India which contains the personal details of almost a billion Indian citizens who have an Aadhaar card.
According to a report by the Indian newspaper Tribune, they managed to access the names, email addresses, phone numbers and postal codes in the Aadhaar Database by typing in 12-digit unique identification numbers of people in the portal. It also mentioned that they got the login credentials (login ID and password) and were able to access the database after paying an individual just INR 500 ($7.8) through Paytm. Apparently, they managed to communicate with the anonymous seller over Whatsapp.
Further, the agent also offered a service to print Aadhaar cards to the members of Tribune team for just INR 300 by giving them a software that can be used to print Aadhaar cards after entering the Aadhaar number. The newspaper claimed that the racket might have started around six months back and there could be around 1 lakh illegal users.
However, The Unique Identification Authority of India has dismissed these reports on Thursday saying that it’s a case of misuse of the grievance redressal search facility at the disposal of designated personnel and state government officials. It has registered an FIR for unauthorised access to Aadhaar data at the office of the Surat district administration in Gujarat.
“As UIDAI maintains a complete log and traceability of the facility, the legal action including lodging of FIR against the persons involved in the instant case is being done,” it said.
UIDAI (Unique Identification Authority of India) has denied these reports in a series of tweets.
@UIDAI maintains complete log & traceability of the facility, any misuse is traceable. Legal action taken, including FIR against persons involved. Search facility gives limited access to name & other details, has no access to biometric details @thetribunechd @rsprasad @ceo_uidai — Aadhaar (@UIDAI) January 4, 2018
No #Aadhaar data breach; Aadhaar data including biometric information is fully safe and secure: @UIDAI, denying report by @thetribunechd, saying it is a case of misreporting 1/2 pic.twitter.com/2d4ORHqqMh — PIB India (@PIB_India) January 4, 2018
Claims of bypassing or duping the #Aadhaar enrollment system are totally unfounded: @UIDAI, denying report by @thetribunechd 2/2 pic.twitter.com/Rn3k15mDJJ — PIB India (@PIB_India) January 4, 2018
It also stated that the system did not provide an avenue to other cardholders. Demographic information cannot be misused without biometrics.