Unique Identification Authority of India (UIDAI) on Thursday dismissed a media report which claimed that anonymous people were selling details of a billion Aadhaar Card account holders over WhatsApp groups for just Rs 500.
According to a statement issued today, the UIDAI has suggested it’s a case of misuse of the grievance redressal search facility at the disposal of designated personnel and state government officials.
In an investigation by The Tribune, a correspondent “purchased” a service from an anonymous seller on WhatsApp by paying Rs 500 via Paytm. Within minutes, the agent provided a login ID and password to a portal where the correspondent could enter any Aadhaar number and gain instant access to all of its details including name, address, phone number, photo and email, the report claimed.
UIDAI has said it is looking into the case, but assured there has been no data breach of biometric database.
“As UIDAI maintains a complete log and traceability of the facility, the legal action including lodging of FIR against the persons involved in the instant case is being done,” it said.
‘Aadhaar details available for Rs 500’
The Tribune investigation revealed that the operation seemed to have started around six months ago. Some anonymous groups were created on WhatsApp who began by targeting over 3-lakh village-level enterprises (VLE) hired by Ministry of Electronics and Information Technology (ME&IT) under the Common Service Centres Scheme (CSCS), and offered them unrestricted access to all Aadhaar details that have been created so far. Initially, the CSCS was entrusted in making Aadhaar card in India, but their job was soon taken and given to post offices and designated banks in November to avoid security breaches.
Over one lakh VLE are now suspected for gaining illegal access to Aadhaar data to provide the service to people for a fee. Additionally, the hackers may have gained access to a website of the Government of Rajasthan, aadhaar.rajasthan.gov.in, as it was provided in the “software” that allows people to access and print Aadhaar cards.
“Except the Director-General and I, no third person in Punjab should have a login access to our official portal. Anyone else having access is illegal, and is a major national security breach,” Sanjay Jindal, Additional Director-General, UIDAI Regional Centre, Chandigarh, told the daily on hearing about the scam.
The body that issues the biometrics-based 12-digit number has since backtracked. “Tribune’s Story “Rs 500, 10 minutes, and you have access to billion Aadhaar details” is a case of misreporting. No biometric data breach,” UIDAI tweeted on its official Twitter account this afternoon.
This is in line with the UIDAI’s stand on previous cases of Aadhaar data leak, like the November 2017 fiasco when 210 government websites were found making Aadhaar info public. Back then, too, the official stand was that “biometric information is never shared and is fully secure with highest encryption at UIDAI and mere display of demographic information cannot be misused without biometrics”.