Centre for Internet & Society

The Unique Identification Authority of India (UIDAI) has admitted that Aadhaar details were leaked on over 200 central and state government websites.

The article was published in the Financial Express on November 20, 2017.

The Unique Identification Authority of India (UIDAI) has admitted that Aadhaar details were made public on over 200 central and state government websites. According to an RTI reply, these websites publicly displayed name, address and other details of Aadhaar beneficiaries, which was removed when the breach was identified.

However, UIDAI does not have information about the time of the breach. It also said that Aadhaar details have never been made public by UIDAI. “However, it was found that approximately 210 websites of the central government, state government departments including educational institutes were displaying the list of beneficiaries along with their name, address, other details and Aadhaar numbers for information of the general public,” it said.

UIDAI issues Aadhaar — a 12-digit unique identification number — which acts as a proof of identity and addresses anywhere in the country. Lately, Aadhaar has been creating furore for security and privacy reasons, especially after the Narendra Modi government began aggressively pushing the identification number to be linked with social benefits, banks, PAN, mobile number et al. In a landmark judgement this August, the Supreme Court ruled that privacy was a fundamental right of citizens, weakening the case for pushing Aadhar.

Currently, cases are being heard in the apex court on linking Aadhaar to banks and mobile numbers. In May, the Centre for Internet and Society had claimed that Aadhaar numbers of as many as 135 millions could have been leaked. “Based on the numbers available on the websites looked at, the estimated number of Aadhaar numbers leaked through these four portals could be around 130-135 million,” the report by CIS had said. Further, as many as 100 million bank account numbers could have been “leaked” from the four portals, it had added.

UIDAI and the government had been vehemently denying that Aadhaar details can be leaked despite apprehension from different sections of society. Soon after the RTI reply appeared in media, UIDAI refuted the news of leaks, calling it a “skewed presentation of facts. “Such report is a skewed presentation of the facts and poses as if the Aadhaar data is breached or leaked which is not the true presentation. Aadhaar data is fully safe and secure and there has been no data leak or breach at UIDAI,”  press release by PIB said.

It said that the data on these websites was placed in public domain as a measure of proactive disclosure under the RTI Act.