Deliberate revelation of Aadhaar can lay people open to financial fraud and it is a punishable offence.
While a number of data leaks have been reported recently, this is the first time a data leak on this scale has been documented. Since the report was published, three of the four websites have masked or removed the data.
The sites included the one storing data for the mammoth MNREGA - the Central scheme for rural employment that caters to 25.46 crore people across the country. Around 10.9 crore Aadhaar numbers are stored on the MNREGA web portal; 78 lakh of these are linked to post office accounts and a whopping 8.24 crore linked with bank accounts. The report suggests that almost all the stored data was accessible until a few days ago.
The other was the National Social Assistance Programme, another Central scheme under which pension is provided to the elderly people, widows and persons with disabilities.
Videos made by CIS show a sub-section of the MNREGA site containing a lot of sensitive information that can be accessed by anyone. Besides Aadhaar, it records bank and postal account numbers and even the number of days a person worked.
The sites of the Andhra Pradesh government that compromised Aadhaar include the Chandranna Bima Scheme and the Daily Online Payment Reports of NREGA. Between them they made public 3 crore Aadhar numbers.