Personal information from Aadhaar cards (personal identification card) of more than a billion Indians stored in the world’s largest biometric database was sold online for less than $8, according to a report by an Indian newspaper.
An investigative story by The Tribune revealed that it is possible to buy login credentials of the Aadhaar database, which can collect the photographs, thumbprints and other identifying details of every citizen. It further added that fake Aadhar cards can be generated by purchasing software online and that the publication also bought access to such database by merely paying $7.89 on a WhatsApp group.
The Unique Identification Authority of India (UIDAI), which controls the Aadhaar system said that the “case appears to be an instance of misuse.”
UIDAI said that it has filed a police complaint against the people responsible for misusing the access, but did not identify them.
A follow-up story by The Tribune mentioned that the agency has denied any misuse of data. “UIDAI reassures that there has not been any data breach of biometric database which remains fully safe and secure with highest encryption at UIDAI and mere display of demographic information cannot be misused without biometrics,” it added. “Claims of bypassing or duping the Aadhaar enrolment system are totally unfounded.” This kind of problems in a program facing increasing scrutiny over privacy concerns will ask more questions about data safety.
The current administration, under Prime Minister Narendra Modi, had also made it mandatory for individuals to link Aadhaar to private and public services. Now India’s Supreme court is holding hearings to decide whether the decision made by Modi will affect the privacy rights of individuals or not.
Several national leaders in India have expressed concerns over the safety of private information.
Sitaram Yechury, a leader of a communist party in India, tweeted, “The Perils of making Aadhaar mandatory and linking it to bank accounts, as insisted upon by the Modi government, are visible here.”
Last month, the telecom firm Bharti Airtel was barred by the agency for using Aadhaar details to verify customers identities because the facility was being misused to open accounts on its payment platform.