UIDAI denies reports of leak of 13cr Aadhaar holders' details
UIDAI has rejected reports of leak of 13 crore Aadhaar numbers and 10 crore bank account numbers, as claimed by the Centre for Internet and Society. "While Aadhaar numbers are available, the biometric information is not. (They) are in safe custody," said UIDAI CEO A.B.P Pandey. On the issue of privacy, an official said simply the Aadhaar number is not confidential.
The UIDAI had begun cracking down on fraudulent firms and websites which claimed to provide Aadhaar services. These included 26 websites and apps too. In addition, Axis Bank, Mumbai-based Suvidha Infoserve and Bengaluru based e-Mudhra are in the dock for impersonation by using stored Aadhaar biometrics. Aadhaar linked details of MS Dhoni were also recently leaked, leading to more concerns.
Several firms have already been blacklisted by the UIDAI for publishing Aadhaar details. Publishing details of Aadhaar databases is a punishable offence under Section 29 (4) of the Aadhaar Act.
The Aadhaar details of over one million people have been leaked by a website maintained by the Jharkhand Directorate of Social Security. They said the issue was due to a programming error. Personal details of 1.6 million beneficiaries of Jharkhand's pension scheme were made publicly available. 1.4 million had even seeded their bank accounts. The breach comes amidst growing opposition to the Aadhaar scheme.
Though the data is freely available online, authorities from Jharkhand seem least concerned by the breach. According to their statements to the media, authorities knew of the breach for several days before it was reported. They said "We got to know about it this week itself. Our programmers are working on it, and the matter should be addressed very soon."
In the first instance of Aadhaar data privacy breach by a central ministry, the Union Water and Sanitation Department was found to have uploaded on its website Aadhaar numbers of beneficiaries of the Swachh Bharat Mission-Gramin. The details were removed late on April 24, after news spread. Under the Aadhaar Act of 2016, such violations are punishable by a three-year term and penalty.
The Centre for Internet and Society found that just four government websites have made public 13.5 crore Aadhaar numbers, plus 100 million bank account numbers. They include the rural development ministry's NSAP and NREGA portals, and Andhra Pradesh's own NREGA website and the dashboard of its "Chandranna Bima" scheme. Individuals' information also includes addresses and caste/religion details, among others. The UIDAI hasn't yet commented.