New Delhi: Around 130 million Aadhaar numbers, sensitive data meant to remain private, have been out in the public domain for last few months. Deliberate revelation of Aadhaar can lay people open to financial fraud and it is a punishable offence. But here, the culprit was poor security protocols of websites belonging to the Centre's rural development ministry and the state government of Andhra Pradesh, reported the Centre of Internet & Society, a non-profit research organisation.
While a number of data leaks have been reported recently, this is the first time a data leak on this scale has been documented. Since the report was published, three of the four websites have masked or removed the data.
The sites included the one storing data for the mammoth MNREGA - the Central scheme for rural employment that caters to 25.46 crore people across the country. Around 10.9 crore Aadhaar numbers are stored on the MNREGA web portal; 78 lakh of these are linked to post office accounts and a whopping 8.24 crore linked with bank accounts. The report suggests that almost all the stored data was accessible until a few days ago.
The other was the National Social Assistance Programme, another Central scheme under which pension is provided to the elderly people, widows and persons with disabilities.
Videos made by CIS show a sub-section of the MNREGA site containing a lot of sensitive information that can be accessed by anyone. Besides Aadhaar, it records bank and postal account numbers and even the number of days a person worked.
On the NSAP site, the CIS found, a simple tweak provides access to Aadhaar of 94 lakh beneficiaries and almost 15 lakh post office accounts linked to it, as well as bank details. The total number of Aadhaar made public here are 1.59 crore.
The sites of the Andhra Pradesh government that compromised Aadhaar include the Chandranna Bima Scheme and the Daily Online Payment Reports of NREGA. Between them they made public 3 crore Aadhar numbers.