Aadhaar data fully safe, cannot be breached or leaked: UIDAI responds

Just yesterday it was reported that a WhatsApp group sold all Aadhaar data available with UIDAI for a meager sum of Rs. 500. Further, it was also said that with an additional fee of Rs. 300, Aadhaar details could be printed.

In the wake of such critical situation, Unique Identification Authority of India (UIDAI) has now denied accusations of Aadhaar data leak. "The Aadhaar data, including biometric information, is fully safe and secure," the authority said in a statement, calling the report in The Tribune "a case of misreporting."

"UIDAI assures that there has not been any Aadhaar data breach," the statement said, adding that the data was secure with a "robust uncompromised security". The authority said it had given search facility for the purpose of grievance redressal to designated personnel and state government officials to help residents only by entering their 12-digit Aadhaar numbers.

"The reported case appears to be an instance of misuse of the grievance redressal search facility. As UIDAI maintains complete log and traceability of the facility, the legal action including lodging of FIR against the persons involved in the instant case is being done."

The Aadhaar database remains fully safe and secure with the highest encryption at UIDAI and the mere display of demographic information cannot be misused without biometrics. The government body has said that the 12-digit ID number was not secret and had to be shared with authorized agencies whenever an Aadhaar holder wishes to avail certain service or benefit of government welfare schemes.

That does not also mean that the proper use of Aadhaar number poses a security or financial threat. Also, the mere availability of Aadhaar number will not be a security threat (and) will not lead to financial (or) other fraud, as for a successful authentication fingerprint or iris of an individual is also required.

"Claims of bypassing or duping the Aadhaar enrolment system are totally unfounded. The UIDAI Data Centres are infrastructures of critical importance and are protected accordingly with high technology conforming to the best standards of security and also by legal provisions."

The Tribune report, which was widely shared on social media sites, claimed that it took just Rs. 500 and 10 minutes for the newspaper to get an access through an "agent" to every detail of an individual submitted to the UIDAI, including name, address, postal code (PIN), photo, phone number and email.

The newspaper said it paid another Rs. 300, for which the "agent" provided "software" to facilitate the printing of the Aadhaar card after entering the Aadhaar number of any individual. The Tribune also claimed to have found in its investigation that the racket may have started around six months ago when some anonymous groups were created on WhatsApp.

These groups targeted over three lakh village-level enterprise operators hired by the Ministry of Electronics and Information Technology (ME&IT) under the Common Service Centres Scheme (CSCS) across India, offering them access to UIDAI data.

CSCS operators were initially entrusted with the task of making Aadhaar cards across the country but were withdrawn later. The service was restricted to post offices and designated banks to avoid any security breach in November last year.

Inputs from IANS