Concerns about data security have been at an all-time high since the recent breach of credit reporting agency Equifax. However, it seems this kind of problems extend far beyond the United States' borders. According to a report by the Guardian, India's Aadhaar citizen information database has also been breached.
The Aadhaar citizen database contains particularly sensitive information like fingerprint and iris scan records in addition to names, phone numbers, emails and more. India's Tribune newspaper claims that they were able to enter an anonymous online WhatsApp group and pay a mere 500 rupees ($7.89) to gain entry to an account with access to this database.
Though the newspaper didn't clarify whether or not they were able to access such sensitive citizen information -- previously-mentioned fingerprint or iris scan records -- they have claimed that they were able to "get all particulars that an individual may have submitted to the UIDAI (Unique Identification Authority of India)," including names, addresses, photos, etc. For an additional 300-rupee ($4.71) fee, the Tribune was also able to gain access to software that allows users to print out fake Aadhaar identification cards.
The newspaper informed UIDAI officials of the situation. "Except the Director-General and I, no third person in Punjab should have a login access to our official portal," said Sanjay Jindal, Additional Director-General of UIDAI's Regional Centre in a statement. "Anyone else having access is illegal, and is a major national security breach."
While login information to the Aaadhaar database might not be terribly dangerous in the hands of a well-meaning news organization like the Tribune, the fact that such information is out in the wild has raised the ire of concerned Indian citizens, and justifiably so.
‘AADHAR’ data breached yet again!— Randeep S Surjewala (@rssurjewala) January 4, 2018
As every citizen’s personal information is exposed to hackers everyday & ‘Right to Privacy’ is mocked and flouted with impunity, Modi Govt remains immune.
Is anyone listening?https://t.co/UDSfOlSWv9
This is dangerous and criminal negligence of data security. Kudos to the reporter for unveiling the racket. A crackdown on the culprits& a corrective step is imperative: Rs 500, 10 minutes, and you have access to billion Aadhaar details https://t.co/XiYWrzs04H via @thetribunechd— Nitin A. Gokhale (@nitingokhale) January 4, 2018
After these reports came out, the Unique Identification Authority of India (UIDAI) has denied the reports, saying that "the Aadhaar data, including biometric information, is fully safe and secure," and that this breach is traceable. "UIDAI maintains complete log and traceability of the facility and any misuse can be traced and appropriate action taken. The reported case appears to be instance of misuse of the grievance redressal search facility."
UIDAI added that Aadhaar is not a secret number and it's to be shared with authorized agencies whenever a citizen wants use a certain service or benefit a government instance.