Aadhaar number is currently used for many important tasks and is linked to bank accounts and telecom service providers. Aadhaar card is becoming an Indian citizen’s most important personal identification document. But how safe is your Aadhaar?
An investigation by The Tribune has revealed that sellers on WhatsApp are providing unrestricted access to over a billion Aadhaar details for just Rs 500. The Tribune reports that a correspondent “purchased” a service from an anonymous seller on WhatsApp by paying Rs 500 via Paytm. Within minutes, the agent provided a login ID and password to a portal where the correspondent could enter any Aadhaar number and gain instant access to all of its details including name, address, phone number, photo and email.
UIDAI has denied the The Tribune’s investigation and is calling it a case of misreporting. It assures that there has been no Aadhaar data breach and that data is fully safe and secure. UIDAI adds that some people have misused the demographic information given to designated official, but also added that the information cannot be misused without biometrics. “UIDAI maintains complete log & traceability of the facility, any misuse is traceable. Legal action taken, including FIR against persons involved. Search facility gives limited access to name & other details, has no access to biometric details,” it tweeted.
@UIDAI maintains complete log & traceability of the facility, any misuse is traceable. Legal action taken, including FIR against persons involved. Search facility gives limited access to name & other details, has no access to biometric details @thetribunechd @rsprasad @ceo_uidai
— Aadhaar (@UIDAI) January 4, 2018
The investigation revealed that the operation started around six months ago. Some anonymous groups were created on WhatsApp who began by targeting over 3-lakh village-level enterprises (VLE) hired by Ministry of Electronics and Information Technology (ME&IT) under the Common Service Centres Scheme (CSCS), and offered them unrestricted access to all Aadhaar details that have been created so far. Initially, the CSCS was entrusted in making Aadhaar card in India, but their job was soon taken and given to post offices and designated banks in November to avoid security breaches.
Over one lakh VLE are now suspected for gaining illegal access to Aadhaar data to provide the service to people for a fee. Additionally, the hackers may have gained access to a website of the Government of Rajasthan, aadhaar.rajasthan.gov.in, as it was provided in the “software” that allows people to access and print Aadhaar cards.
This investigation has managed to uncover a major data breach and an operation that has been running for at least six months. It comes following UIDAI’s claims in November that Aadhaar details were safe from breaches. However, the latest report suggests that a simple process of paying Rs 500 can allow a person to gain access to every Aadhaar card in India, which can be used for nefarious purposes in the wrong hands. Linked SIM cards and bank accounts, among other things, can be misused with this knowledge.
As of now, the UIDAI is looking into the matter and Jindal says this report can only be confirmed after a technical investigation has been conducted. Those who have an Aadhaar card can track whether there has been any misuse. The UIDAI recently introduced an option on its website to help you view the history of where your Aadhaar was used. (Inputs from Agencies)