Aadhaar Breach: List of Important Cases Filed Against Offenders

In response to the recent controversy over the alleged Aadhaar data breach, that was exposed by The Tribune on 4 January, the Unique Identification Authority of India (UIDAI) and the BJP have both denied the charges, saying that the personal data of over a billion Indians are perfectly safe.

“There has not been any data breach and that the data is fully safe and secure,” the UIDAI said while calling The Tribune story a "case of misreporting.”

However, this isn’t the first time that reports of an ‘Aadhaar breach’ have come to the surface. Since the implementation of the Aadhaar system, the UIDAI have reported and sought action against several persons, firms and organisations misusing information from the Aadhaar database, and have often filed multiple FIRs against the relevant offenders as well.

1. FIR Against 3 Firms for Illegal Use of Aadhaar Biometrics

On 15 February 2017, the UIDAI had lodged a complaint with the Delhi Police Cyber Cell against three firms: Axis Bank Limited, its business correspondent Suvidha Infoserve, and digital signature provider Bengaluru-based eMudhra, for having illegally stored biometric data and having performed unauthorised Aadhaar authentication, reports Scroll.

According to Times of India, the UIDAI had lodged the complaint after detecting an exact biometric match in multiple consecutive transactions, which they said was impossible without the biometrics being stored and their unauthorised use.

This, said UIDAI, was a direct violation of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits, and Services) Act of 2016, where the law does not allow the storage of biometric data.

2. Criminal Case Against Unknown Persons for Alleged Misuse of Data

The UIDAI, in March last year, registered a criminal case against unknown persons, when it found that biometric details of individuals were being stored illegally and used for carrying out transactions which were unauthorised, reports Business Standard.

As per their investigations, Business Standard reports that the UIDAI had mentioned a video in their report, which shows a lady performing authentication under the guise of a Gaurav Vasant Nikam.

3. FIR Against the Co-Founder of Qarth Technologies Pvt Ltd

In July 2017, the UIDAI lodged a complaint with the Bengaluru police against Abhinav Srivastava, the co-founder of a mobile payment startup Qarth Technologies, for data misuse from the Aadhaar website, reports The Hindu.

According to the FIR lodged by Ashok Lenin, the Deputy Director of UIDAI, Bengaluru, Srivastava had allegedly created a mobile app and had been giving out e-kyc, misusing data from the Aadhaar website without requesting permission from the UIDAI.

4. UIDAI Suspends e-KYC Licence for Airtel, Airtel Payments Bank

The UIDAI in December, 2017 had temporarily suspended the e-KYC licence for Bharti Airtel and Airtel Payments Bank, due to allegations of the company using the service to open payments bank accounts of its subscribers, without their ‘informed consent’, reports The Hindu.

For Airtel, this meant that the service provider could not carry out their ‘electronic-verification’ or link the SIMs of its customers with their 12-digit biometric national ID Aadhaar through a process as efficient as the e-KYC.

As a result of the suspension, the Airtel Payments Bank would now not be able to open a new account with Aadhaar e-KYC, the report adds.

5. UIDAI Files FIRs Against 8 Unauthorised Aadhaar Websites

In April last year, several unauthorised websites were reported as promising Aadhaar-related services to people and illegally collecting their Aadhaar number and enrollment details as well.

The UIDAI thus filed FIRs against eight of these websites, which were reportedly calling themselves: aadhaarupdate.com, aadhaarindia.com, pvcaadhaar.in, aadhaarprinters.com, geteaadhaar.com, downloadaadhaarcard.in, aadharcopy.in, and duplicateaadharcard.com.

The UIDAI said that the websites had violated several sections of the Information Technology Act 2000, Section 38 of Aadhaar Act 2016, and Section 409 (Criminal breach of trust) and Section 420 (cheating) of IPC.

For crimes committed under this section, the punishment holds imprisonment of upto three years and fine not less than Rs 10 lakh.

(With inputs from Times of India, The Hindu and Business Standard)