Yesterday brought reports of two Aadhaar leak incidents in which citizens' data was leaked from Andhra Pradesh government websites. Now the same independent security researcher, Srinivas Kodali, has shared another instance of improper security measures for protecting the data of millions of Indian citizens. And this time it's related to children.
Around 69,83,048 children's #Aadhaar data is leaking online. Who is responsible to protect their privacy, Govt, parents, teachers or SC? The first leak I reported in Feb, 2017 was children's data. The UIDAI has never acknowledged this and continues to say, there is no problem. pic.twitter.com/VXDl2B3ru3
— Srinivas Kodali (@digitaldutta) April 27, 2018
Kodali tweeted that he came across data on nearly 7 million children stored in an unsecured manner on a government portal. Without revealing the source of the leak, he contacted CERT-In and submitted the vulnerability, which has yet to be fixed, Kodali confirmed to Beebom in a private conversation on Twitter.
These days @IndianCERT is responding back immediately. They can probably earn back the trust from the community, if it continues. pic.twitter.com/BfHYy48OHv
— Srinivas Kodali (@digitaldutta) April 27, 2018
Taking the parameters into consideration, the leak appears to be from a government portal, probably from a database designated for child welfare schemes. This is because it sorts the data on the basis of district, village, DOB of children, and medium of education. The database also uses a column for mandal(s), which is the common name for tehsil(s) or administrative divisions in the states of Andhra Pradesh and Telangana. Considering that earlier exposés by Kodali have concerned leaks from Andhra government websites, this one too appears to be from a related source.
Meanwhile, right-to-privacy activists and the government of India have locked horns while the Supreme Court hears motions and counter-arguments. The SC also clarified that it had not ordered the government or the Department of Telecom to link Aadhaar to mobile numbers, and that DoT's decision to urge all subscribers to do so was a self-imposed one.