UIDAI has dipped into its bag of denials for to rebut yet another Aadhaar leak. Last week, ZDNet published findings of an Indian cybersecurity expert who claimed to have discovered a grave vulnerability which leaves the Aadhaar details of over 1 billion people accessible to anyone.
As expected, UIDAI has refuted these claims, stating that the story published by ZDNet is ‘totally baseless, false and irresponsible.’
There is no truth in this story as there has been absolutely no breach of UIDAI’s Aadhaar database. Aadhaar remains safe and secure.
UIDAI’s oft-parroted denial claims that even if the vulnerability exists, it raises questions about the security firewalls of the utility company, which is leaking the data, and has nothing to do with the safety of UIDAI’s database. UIDAI in this instance said security of any data shared with utility companies is the responsibility of the company and not of UIDAI.
UIDAI also refuted the ZDNet report via a tweetstorm, lambasting the publisher, its story as well as the whistleblower in full force. UIDAI also mentioned that it is contemplating legal action against ZDNet.
There is no truth in this story as there has been absolutely no breach of UIDAI’s Aadhaar database. Aadhaar remains safe and secure. 2/8
— Aadhaar (@UIDAI) March 24, 2018
If one goes by the logic of ZDNet’s story, since the Utility company’s database also had bank account numbers of its customers, so would that mean that all Indian banks’ databases have been breached? The answer would obviously be in negative.5/8
— Aadhaar (@UIDAI) March 24, 2018
UIDAI even questioned the logic behind ZDNet’s story which claims that the aforesaid vulnerability can also provide details about bank account numbers linked to a person’s Aadhaar. If that is the case, does it mean the database of banking institutions has also been breached?
However, UIDAI’s tirade against the latest revelation gave yet another example of its fondness for copying and pasting previous tweets, as the last couple of tweets in the thread were copied from another tweetstorm posted a few weeks ago, which was again copy-pasted from an older conversation.
UIDAI has labeled ZDNet’s story as irresponsible, but in reality, the regulatory body’s questions are nothing short of reckless. UIDAI has tried to distance itself from the new finding by claiming that it is not UIDAI’s domain to worry about the vulnerability in a state-run utility firm’s database, but doesn’t the data belong to UIDAI? Isn’t there any expectation of data security from UIDAI? After all, what would be the point of stashing Aadhaar files behind a 13-foot thick wall, if it is leaked by the very people UIDAI shares it with.