Centre for Internet & Society

The huge leak of Aadhar data from four websites belonging to a central ministry and the Andhra Pradesh government has been on the government radar for a while. The leak, caused by poor security protocols, had left around 130 million numbers and their allied information, like bank and post office account details, open to access for several months. As the last website finally plugged loophole, violation echoed in Supreme Court.

The blog post by Manas Pratap Singh was published by NDTV on May 4, 2017.

Deliberate revelation of Aadhaar can lay people open to financial fraud and it is a punishable offence and this is what the Electronics and Information ministry has reminded all government departments.

"Aadhaar numbers and demographic information and other sensitive personal data" collected by "ministries/departments, state departments" have been published online, read a letter from the ministry dated April 24.

Such publishing, it added, "is in clear contravention of the provisions of the Aadhaar Act 2016 and constitutes an offence punishable with imprisonment upto 3 years". Such outing of financial information is also a violation of IT Act, it said.

Besides asking web managers to sensitise the ministries, the letter also said that display of such information be stopped immediately.  

On May 1, a report by non-profit research organisation Centre for Internet & Society said two of the websites from where the data leak took place, belongs to the Union Ministry of Rural Development.

One stored data for the MNREGA - the mammoth Central scheme for rural employment which caters to 25.46 crore people. The other was the National Social Assistance Programme, another Central scheme under which pension is provided to the elderly people, widows and persons with disabilities.

Amber Sinha, co-author of the CIS report, told NDTV, "For portals that had not masked data, we informed the relevant authorities and asked them to take down the available information."

The Rural Development ministry has now decided to form an expert group on IT and cyber security, which will be headed by Kiran Karnik, a former chief of Nasscom. The ministry, however, is yet to comment on the data leak.