Aadhar breach reports false, system is secure: UIDAI

Image Courtesy: Hindustan Times                                                                                                  UIDAI, while dismissing the allegations, said that claims of bypassing or duping the Aadhaar enrolment system are totally unfounded as it has appropriate checks in place.




New Delhi, January 05: The Unique Identification Authority of India (UIDAI), on Thursday, dismissed reports of alleged sharing of Aadhaar details and claimed complete security of its system. Recently, news reports revealed that anonymous sellers were in the process of offering unrestricted access to Aadhaar details over WhatsApp, upon payment of Rs. 500, reported Livemint.

The UIDAI, in an official statement, also ascertained that any misuse of details is traceable as it maintains complete log of numerous functions. For any such violation of data security, it added, legal action inclusive of FIR against the entities initialising the malpractices, is being undertaken.

According to the Livemint, the agency claims of providing “search facility” for the purpose of grievance redressal to designated personnel as well as state government officials in order to help residents, strictly only upon entering their Aadhaar number.

According to the Aadhaar-issuing agency, its grievance redressal search facility offers solely restricted access to name and other details; it has no access to biometric ones.

At the same time, Aadhaar number is not a secretive, and is meant to be legitimately shared with authorised agencies whenever an Aadhaar holder wishes to avail services and benefits offered through the medium of government welfare schemes.

“Also, mere availability of Aadhaar number will not be a security threat or will not lead to financial/other fraud, as for a successful authentication, fingerprint or iris scan of individual is also required,” it added.

Aadhar Data leaked, software engineer accused

Our Aadhar details are promised to be kept secured with the government of India. After numerous breeches and data leaks, yet again a software development engineer working in Ola’s head office at Koramangala was arrested on account of misusing Aadhar data obtained without authentication.

A complaint was filed by the Unique Identification Authority of India (UIDAI) against Abhinav Srivastav (31), an IIT Kharagpur graduate who is accused of hacking into the data repository of UIDAI, gaining access through the e-hospital server, an initiative by the Government of India.

The complaint to the police was made on 26th July, which stated that Srivastav had accessed the data without authorization between January 1  and July 26 via an app called ‘eKYC Verification’.

The app is developed by an entity linked to a start-up Quarth Technologies, which is acquired by taxi service giant Ola. The app provided demographic details to users, it had 50,000 downloads. Srivastav had already earned Rs. 40,000 through advertisements.

After hacking into the server, he used it to send verification requests to the UIDAI database for his own app. The UIDAI system allowed access under the impression that the authentication requests were from the e-hospital system hence not unauthorized,’’ a police source said. Investigations proceed to confirm if the app he developed was used in any form by Ola.

The e-hospital app, hosted on the cloud services of NIC, facilitates online appointments at hospitals using eKYC data of Aadhaar number, if patient’s mobile number is registered with UIDAI, if not it uses the patient’s name. Srivastava’s eKYC Verification app mimicked the e-hospital app in accessing the identity authentication services of UIDAI.