New Delhi: The UIDAI, the body that governs Aadhaar, has maintained that its database is secure with them. But there have been reports of multiple government departments using the Aadhaar data and have been found disclosing private details of lakhs of citizens. Despite these leaks being reported, no substantial action seems to have been taken.
A Hyderabad-based cyber security researcher found 3 different portals of the Andhra Pradesh government disclosing Aadhaar numbers of 90 lakh adults and 70 lakh children in the last seven days.
The Jharkhand government's social security department was found to have recently published Aadhaar numbers of 15 lakh pensioners on its website. The Chandigarh Public Distribution scheme website disclosed Aadhaar numbers of 5 lakh ration card holders. The Kerala government's pension scheme website was found to have displayed the unique identification numbers of 35 lakh pensioners.
In November last year, the UIDAI (Unique Identification Authority of India) said that 210 central and state government websites had publicly displayed Aadhaar details.
Srinivas Kodali, the cyber security researcher who found 3 Andhra Pradesh government portals disclosing Aadhaar data, said government officials want to link "everything" to Aadhaar since it eases their administrative tasks. "But when you do this, you stop securing it and leaks become easier. You don't know which data is to be disclosed publicly and which one is to be safeguarded. The UIDAI and state officials hound the whistle-blowers and go after them instead of figuring out the problem. Just like the way they reacted when Rachna Khaira reported in The Tribune about buying Aadhaar data of millions for Rs 500."
Public display of Aadhaar numbers is illegal under the Aadhaar Act 2016 but the UIDAI, which has filed 30 police complaints so far for alleged violations of the law, including those against journalists and cyber security researchers, has not taken any action against the government departments that put up the Aadhaar data.
The UIDAI did not respond when NDTV contacted the agency.
Experts believe that the problem also lies in the Aadhaar laws. Supreme Court lawyer and cyber law expert, Pavan Duggal said, "I believe the Aadhaar ecosystem is completely unsafe. There is so much Aadhaar information flowing in this ecosystem and the Aadhaar Act is completely deficient in addressing the ecosystem related legal issues... The Aadhaar Act strips the citizens of India, all Aadhaar card holders of even their basic right to report about misuse of Aadhaar. You cannot register an FIR, only the UIDAI can."