Last Thursday, the CEO of the UIDAI said the biometric data attached to each Aadhaar was safe from hacking as the storage facility was not connected to the internet.
India’s biometric ID programme, Aadhaar, has been hit by another major security lapse, allowing access to private information, business technology news website ZDNet reported on Saturday.
While refuting the reports, Unique Identification of Authority of India (UIDAI) said in a statement, “there is no truth in this story as there has been absolutely no breach of UIDAI’s Aadhaar database. Aadhaar remains safe and secure”.
“UIDAI is also contemplating a legal action against ZDNet for such false and irresponsible reporting to hold them accountable,” said UIDAI spokesperson.
According to the story by ZDNet , Karan Saini, found a flaw in the system that allows anyone to download people’s private information from the Aadhaar database. This includes the 12-digit identity number, information about services they are connected to, bank details and other information.
“This is a security lapse. You don’t have to be a consumer to access these details. You just need the Uniform Resource Locator where the Application Programming Interface is located. These can be found in less than 20 minutes,” Saini told Reuters.
Saini allegedly tried to get in touch with the government on the same, but with no response.
This is the latest of the stories that cite the vulnerability of the Aadhaar database from a security breach.
The Unique Identity Association of India (UIDAI) has consistently been denying the possibility of a breach in the database.
UIDAI said that the story sourced from ZDNet relating to Aadhaar database is totally baseless, false and irresponsible. They further said that if the claim purported in the story were taken as true, it would raise security concerns on database of that Utility Company and has nothing to do with security of UIDAI’s Aadhaar database.
The UIDAI further stated that the Aadhaar number, though a personal sensitive information, is not a secret number and that the mere availability of the Aadhaar number with a third person will not be a security threat to the Aadhaar holder or will not lead to financial/other fraud, as for any transaction, a successful authentication through fingerprint, iris or OTP of the Aadhaar holder is required.
Last Thursday, the CEO of the UIDAI said the biometric data attached to each Aadhaar was safe from hacking as the storage facility was not connected to the internet.
“Each Aadhaar biometric is encrypted by a 2048-key combination and to decode it, the best and fastest computer of our era will take the age of the universe just to hack into one card’s biometric details,” Ajay Bhushan Pandey said.