IIT-K alumnus, Quarth Tech under probe for Aadhar theft

More details have emerged about the Aadhar data theft complaint lodged by the Unique Identification Authority of India against ride-hailing service Ola and its payments arm Qarth Technologies Pvt Ltd.

Records accessed by The Indian Express from the Registrar of Companies and the public online profiles of the accused have revealed that Qarth was started in October 2012 by Abhinav Srivastava and Prerit Srivastava - both of the 2004-2009 batch of the Indian Institute of Technology-Kharagpur.

Bengaluru-based Quarth runs a mobile multi-bank payment service called X-Pay, and was acquired by Ola last year (See: UIDAI files case against Ola arm Qarth alleging ID theft). 

In its complaint lodged with Bengaluru Police, a deputy director at the UIDAI's regional office in Bengaluru accused Abhinav Srivastava and Qarth of accessing the UIDAI's central information depository to create and operate a private app called Aadhaar 'eKYC Verification'.

Ashok Lenin (deputy director, UIDAI Regional Office Bengaluru) filed the complaint with the High Grounds police station in Bengaluru on 26 July under Sections 37 and 38 of Aadhaar Act. The case was later transferred to the Cyber Crime investigation cell of Bengaluru police, reports today said.

A case was also registered under Sections 65 and 66 of the Information Technology Act and sections 120B, 468 and 271 of the Indian Penal Code.

Ola has denied the allegation and clarified that it was not involved in any kind of data theft and that it did not have any knowledge of the FIR.

Lenin in his complaint against Ola said, "Qarth workers have developed an app and accessed details on Aadhaar website without authentication and provided the same as e-KYC details. The data theft started on January 1 and went on until July 26."

He went on to say that the accused has joined hands with miscreants in leaking the Aadhaar information and illegally using the same. The High Grounds police have also invoked Section 38 against the company for accessing the Central Identities Data Repository (CIDR) without authorisation.

Under this section, perpetrators are punishable with a term imprisonment up to three years along with a capital penalty of Rs10 lakh.