The whole issue of privacy and data security surrounding Aadhaar reached an entirely new level when TRAI chief, Ram Sewak Sharma, recently shared his Aadhaar number publicly on Twitter and dared someone to ‘do any harm’ to him. As it turns out, not only his phone number, but his address, bank account number, PAN card, telecom operator, phone model, Air India frequent flyer ID and a lot more personal details were extracted just based on the Aadhaar ID shared by Sharma.
UIDAI has now come to defend the telecom regulatory body’s chief and its own reputation, claiming that the Aadhaar chief’s personal data was not obtained by exploiting his Aadhaar number after breaching the database, which the government has always claimed to be ultra-secure despite numerous vulnerabilities found and disclosed.
My Aadhaar number is 7621 7768 2740
Now I give this challenge to you: Show me one concrete example where you can do any harm to me!
— Dr. RS Sharma (@rssharma3) July 28, 2018
“It is reiterated that in this case of [RS] Sharma, no data has been fetched using his Aadhaar number from UIDAI’s servers or Aadhaar database”, UIDAI said. In a recent tweetstorm, the Aadhaar regulatory body was on defensive mode, claiming that all of Sharma’s personal details were already available on public domains and could have been easily obtained with a simple Google search.
“In fact, this so called ‘hacked’ information (about Sharma’s personal details such as his address, date of birth, photo, mobile number, e-mail, etc.) was already available in the public domain as he being a public servant for decades and was easily available on Google and various other sites by a simple search without Aadhaar number.”
UIDAI further pointed out that all claims of breaching the Aadhaar database, which is impregnable even after a billion attempts, are false, adding that the whole turn of events was merely a cheap publicity stunt by unscrupulous elements in a bid to garner some attention and spread fake news.
People are cautioned not to believe any such fake news about Aadhaar. In today’s digital world through various search engines such as Google, personal data can be picked from different sources without Aadhaar and a profile can be made. 12/n
— Aadhaar (@UIDAI) July 29, 2018
In subsequent tweets, UIDAI tried to quell the uproar surrounding the fiasco which was ignited by the dare, assuring citizens that their personal data is fully secure.
But that’s not where the story ends, as ethical hackers posted screenshots of having sent an amount of Re. 1 to the UIDAI chief’s bank account via multiple media such as IMPS, BHIM and Paytm to make a statement. It appears that UIDAI owes a clearer explanation, especially when its chief is at the center of such a disaster.