Biggest blast on Aadhaar leak so far: govt sites leaked data of 13 crore people
In yet another shocking report of personal data breach in India, it has emerged that Aadhaar data of 13 crore people was put out on websites of four major government projects in the country. The leaked data include bank account details of over one crore people linked to Aadhar numbers under the direct benefit scheme. Over eight crore people lost their private data on the national job guarantee scheme website alone.
The article by Jikku Varghese Jacob was published by Manorama on May 2, 2017.
The shocking details have surfaced in a report released by the Center for Internet Society (CIS) which deals with the publication of Aadhaar data and their security. It appears to be the biggest blast on Aadhaar data leak yet. The report says these pieces of information were available on Internet since last November. Once detected, the CIS officials had initiated steps to remove them.
The CIS report cites two central government portals and websites from Andhra Pradesh as violators. Following are the websites that published the data:
- National Social Assistance Programme (under the Ministry of Rural Development).
- The national portal of the job guarantee scheme.
- Daily online payment reports (Government of Andhra Pradesh)
- Chandranna Bheema project (Government of Andhra Pradesh)
Private data of 1,59,42,083 people were leaked on the social assistance scheme site. The two Andhra Pradesh sites breached the privacy of three crore people.
Information leaked on most of the sites could be downloaded as Excel sheet. It is estimated that data on 23 crore people is linked to Aadhaar under the direct benefit scheme.
The CIS fears that if other government sites have also handled such data without care there could have occurred a massive data base breach. The CIS put in months of effort before finalizing this report.
It was recently found that Aadhaar data on 35 lakh people in Kerala was found disclosed on the state's Sevana Pension website. In Jharkhand, 14 lakh people had their privacy violated when their Aadhaar information was put out on a government website.
Such leaks of Aadhaar data is a crime that can fetch up to three years of imprisonment. Complaints have arisen that government departments did not bother to comply with an IT ministry directive last month to remove the Aadhaar data from websites.
Experts point out that criminals can misuse personal data on Aadhaar and bank account. The data could be used to obtain SIM cards and carry out transactions online.
Aadhaar, the world's largest bio-metric enrolment in India, will enrol 1.2 billion people in a 12-digit unique number for each person to be issued to each resident in the country. The number with its biometric information – photograph, fingerprints and iris scan – of each individual is easily verifiable in an online.