Despite constant assurance given by the Unique Identification of India (UIDAI) over the authentication of Aadhaar data, the organisation needs a relook in its security system for this 12-digit biometric identification number.
 
According a report published in the Tribune, the newspaper purchased a service being offered by anonymous sellers over WhatsApp providing unrestricted access to details for any of the more than 1 billion Aadhaar numbers created in India so far.
 
The newspaper spared just Rs 500 via Paytm and in merely 10 minutes the “agent” of the group running the racket created a gateway and gave a Login ID and password.
 
The report exposed that anyone could get hold of the details mentioned in Aadhaar preserved with UIDAI. These details can be your name, address, postal code (PIN), photo, phone number and email.
 
The Tribune also mentioned that after paying Rs 300 more that “agent” provided them a software to facilitate the printing of the Aadhaar card after entering the Aadhaar number of any individual.
 
What is even more appalling to know from the report is that the anonymous group on WhatsApp was created around six months ago.
 
According to the report, the group targeted over 3 lakh village-level enterprise (VLE) operators, hired by the Ministry of Electronics and Information Technology (ME&IT) under the Common Service Centres Scheme (CSCS) across India, offering them access to UIDAI data.
 
The matter has reportedly been referred to the UIDAI technical consultants in Bengaluru.
 
Interestingly, this would not be the first time when Aadhaar data breach news has come to fore. Earlier on November 19, 2017, there were media reports stating that 210 Central and state government websites publicly displayed details of Aadhaar beneficiaries.
 
The UIDAI had then released a notification saying that Aadhaar security systems are the best of the international standards and Aadhaar data is fully secure. There has been no breach or leakage of Aadhaar data at UIDAI.
 
Ensuring on the Aadhaar numbers, which were made public on the said websites, UIDAI had stated that such information do not pose any real threat to the people as biometric information is never shared, adding "Mere display of demographic information cannot be misused without biometrics."