Report says you can get anyone’s Aadhaar details for Rs 500; UIDAI calls it a ‘case of misreporting’

The Unique Identification Authority of India (UIDAI) on Thursday denied breach or leak of Aadhaar data after The Tribune reported it bought unrestricted access to the details of over one billion Aadhaar numbers for just Rs 500.

The Tribune “purchased” a service being offered by anonymous sellers over WhatsApp that provided unrestricted access to details of any of the more than 1 billion Aadhaar numbers created in India thus far, reported The Tribune.

The UIDAI assured that there has not been any Aadhaar data breach.

"The Aadhaar data, including biometric information, is fully safe and secure," the authority said in a statement, calling the report in The Tribune "a case of misreporting".

"UIDAI assures that there has not been any Aadhaar data breach," the statement said, adding that the data was secure with a "robust uncompromised security".

The authority said it had given search facility for the purpose of grievance redressal to designated personnel and state government officials to help residents only by entering their 12-digit Aadhaar numbers.

The grievance redressal search facility, the statement said, "gives only limited access to names and other details and has no access to biometric details".

It said the authority maintains complete log and traceability of its search facility and any misuse was traceable.

"The reported case appears to be instance of misuse of the grievance redressal search facility. As UIDAI maintains complete log and traceability of the facility, legal action including lodging of FIR against the persons involved in the instant case is being done."

It said 12-digit ID number was not a secret and had to be shared with authorised agencies whenever an Aadhaar holder wishes to avail certain services or benefits of government welfare schemes.

"That does not mean that the proper use of Aadhaar number poses a security or financial threat. Also, mere availability of Aadhaar number will not be a security threat (and) will not lead to financial (or) other fraud, as for a successful authentication fingerprint or iris of individual is also required.

Claims of bypassing or duping the Aadhaar enrolment system are totally unfounded. The UIDAI Data Centres are infrastructure of critical importance and is protected accordingly with high technology conforming to the best standards of security and also by legal provisions."

The Tribune report, which was widely shared on social media sites, claimed that it took just Rs 500 and 10 minutes for the newspaper to get an access through an "agent" to every detail of any individual submitted to the UIDAI, including name, address, postal code (PIN), photo, phone number and email.

The newspaper said it paid another Rs 300, for which the "agent" provided "software" to facilitate the printing of Aadhaar card after entering the Aadhaar number of any individual.

The Tribune also claimed to have found in its investigation that the racket may have started around six months ago when some anonymous groups were created on WhatsApp.

These groups targeted over three lakh village-level enterprise operators hired by the Ministry of Electronics and Information Technology (ME&IT) under the Common Service Centres Scheme (CSCS) across India, offering them access to UIDAI data.

CSCS operators were initially entrusted with the task of making Aadhaar cards across the country but were withdrawn later. The service was restricted to post offices and designated banks to avoid any security breach in November last year.

with inputs from IANS