UIDAI probing reported Aadhaar data breach, but denies information leak

Unique Identification Authority of India (UIDAI) has begun investigation into a report that said access to its database of the details of over 1 billion citizens was available over WhatsApp for just Rs500.

UIDAI has denied the media report published in The Tribune titled Rs500, 10 minutes, and you have access to billion Aadhaar details  claiming that there has not been any Aadhaar data breach and that the Aadhaar data, including biometric information, is fully safe and secure.

In a statement issued on Thursday evening, UIDAI said it has given search facility for the purpose of grievance redressal to the designated personnel and state government officials to help residents only by entering their Aadhaar number / EID.

''UIDAI maintains complete log and traceability of the facility and any misuse can be traced and appropriate action taken. The reported case appears to be instance of misuse of the grievance redressal search facility. As UIDAI maintains complete log and traceability of the facility, the legal action, including lodging of FIR against the persons involved in the instant case is being done,'' it added.

According to UIDAI, the grievance redressal search facility gives only limited access to name and other details and has no access to biometric details. ''UIDAI reassures that there has not been any data breach of biometric database which remains fully safe and secure with highest encryption at UIDAI and mere display of demographic information cannot be misused without biometrics''

Further, Uidai said, since the Aadhaar number is not a secret number, it is to be shared with authorised agencies whenever an Aadhaar holder wishes to avail certain service or benefit of government welfare scheme/s or other services.

''But that does not mean that the proper use of Aadhaar number poses a security or financial threat. Also, mere availability of Aadhaar number will not be a security threat or will not lead to financial/other fraud, as for a successful authentication fingerprint or iris of individual is also required.

''Claims of bypassing or duping the Aadhaar enrolment system are totally unfounded. Aadhaar data is fully safe and secure and has robust uncompromised security. The UIDAI Data Centres are infrastructure of critical importance and is protected accordingly with high technology conforming to the best standards of security and also by legal provisions,'' the authority pointed out.

Meanwhile, commenting on The Tribune's report on the leak of Aadhaar data, former US National Security Agency contractor and whistle blower Edward Snowden said it was a 'natural tendency' for any government to seek the perfect records of private lives.

''History has shown that no matter what the laws are, the result is always abuse,'' he said.