Aadhaar Data Breach: UIDAI, BJP Deny Report; Portal Still Down

The Unique Identification Authority of India (UIDAI) has denied The Tribune report which revealed a racket in Jalandhar, via which a journalist was able to gain access to the Aadhaar database of a billion Indians for just Rs 500.

“There has not been any data breach and that the data is fully safe and secure”, the board said while calling The Tribune story a "case of misreporting.”

The Aadhaar-issuing body said it has given the "search facility" for grievance redressal to designated personnel and state government officials to help residents, that too only upon entering their Aadhaar number.

At the same time, UIDAI said Aadhaar number is not a secret number, and is to be shared with authorised agencies whenever an Aadhaar holder wants to avail a service or benefit of government welfare schemes.

The UIDAI portal, which can only be accessed by admins of the Aadhaar database, is currently down following reports of the data breach on the portal. Typing the URL portal.uidai.gov.in on your browser returns the message — ‘This site can’t be reached’.

The report by The Tribune journalist Rachna Khaira says that after paying Rs 500 via Paytm to an ‘agent’, the group running the racket created a gateway for her within 10 minutes. Rachna then got a login ID and password for the Aadhaar portal which is only supposed to be accessed by admins.

After entering the portal, the correspondent was able to access all details of any individual just by entering their Aadhaar number. The details that could be accessed included name, address, postal code (PIN), photo, phone number and email of the Aadhaar card holder.

Sanjay Jindal, Additional Director-General, UIDAI Regional Centre, Chandigarh, accepted the huge security lapse and told The Tribune, “Except the Director-General and I, no third person in Punjab should have a login access to our official portal.”

Hence, any third person having such access is not only illegal, but ‘a major national security breach.’

"Some persons have misused demographic search facility, given to designated officials to help residents who have lost Aadhaar/Enrollment slip to retrieve their details," the UIDAI said in its clarification reiterating that there was no breach.

Investigations by the English daily revealed that the racket is six months old and was started as a WhatsApp group. The group targeted operators of Common Service Centres Scheme (CSCS), offering them access to UIDAI data.

CSCS operators were initially assigned the task of making Aadhaar cards, but in November last year the service was restricted to post offices and designated banks.

New Delhi-based Gopal Krishan, who is convenor of the Citizens Forum for Civil Liberties, told The Tribune that the leakage means Aadhaar has "failed the privacy test... proposed data protection law will now hold no purpose as the data has already been breached."

On 20 November 2017, UIDAI had said in a statement, “The Aadhaar data is fully safe and secure and there has been no data leak or breach at UIDAI.”

BJP Calls Breach “Fake News”

The BJP called The Tribune report “fake news”, stating that the data was secure with world-class technology.

UIDAI Faces Massive Flak

The UIDAI might have taken down the portal via which the massive ‘national security breach’ happened, but this did not stop the citizens from addressing their anger.

The exposé also led to people starting few online petitions asking the government to scrap Aadhaar.

(Breathe In, Breathe Out: Are you finding it tough to breathe polluted air? Join hands with FIT in partnership with #MyRightToBreathe to find a solution to pollution. Send in your suggestions to fit@thequint.com or WhatsApp @ +919999008335)