Despite the UIDAI’s repeated assurances about the data security around Aadhaar cards, time and again, there have been cases of leaks or data breaches that set alarm bells ringing once again.
Arguably, the largest such data breach was reported today by The Tribune which managed to “purchase” a service through anonymous sellers over WhatsApp that gave the users unfettered access to more than 1 billion Aadhaar accounts and all their details. This is likely the largest data security breach in the country and the ease with which Tribune reporters managed to get access should send chills down your spine.
Racket on WhatsApp
As with everything in India these days, selling Aadhaar information illegally is also conducted on WhatsApp. As the Tribune says in its report:
It took just Rs 500, paid through Paytm, and 10 minutes in which an “agent” of the group running the racket created a “gateway” for this correspondent and gave a login ID and password. Lo and behold, you could enter any Aadhaar number in the portal, and instantly get all particulars that an individual may have submitted to the UIDAI (Unique Identification Authority of India), including name, address, postal code (PIN), photo, phone number and email.
That’s not all. One can also print Aadhaar cards for these numbers using this service. Tribune contacted UIDAI officials in Chandigarh, who “expressed shock” and “admitted it seemed to be a major national security breach.” The matter has been reported to UIDAI technical consultants in Bengaluru.
Further investigations from the paper revealed that the network of Aadhaar creation centres and the people responsible for running these centres could be the ones leaking the information to the parties which can sell it on to just about anyone with Rs 500. The fascinating report listed out the entire investigative process, including how the touts contacted them and how they managed to get access to the portal.
Beebom spoke to the agent/seller mentioned in the Tribune article, and we can report that the Aadhaar information service was indeed available, but has now been shuttered. This despite the UIDAI’s denial of the breach and their statement claiming Aadhaar data is safe and secure.