Aadhaar Details Of 13.5 Crore People Available On Government Sites

The NREGA portal is seeded with almost 11 crore Aadhaar numbers, according to the CIS report.

An Aadhaar biometric identity card, issued by the Unique Identification Authority of India (UIDAI). (Photographer: Dhiraj Singh/Bloomberg)

Up to 13.5 crore Aadhaar numbers can be easily accessed through government portals and nearly three-fourths of these are linked to bank accounts, said non-profit research organisation the Centre For Internet & Society (CIS).

Calling the Unique Identification Authority of India (UIDAI) “extremely irresponsible” in maintaining privacy standards, CIS blamed the Aadhaar governing body for turning a "blind eye" to the lack of standards regarding use of Aadhaar data by private and public bodies

"It is staggering that while these databases have existed in the public domain for months, while framing the Aadhaar Act Regulations in late 2016, the UIDAI did not even deem these as important matters to be addressed by way of regulations or standards," CIS said in a report titled ‘Information Security Practices of Aadhaar (or lack thereof)’.

Also Read: Aadhaar Case: Right Over Your Body Not Absolute, Government Argues In Supreme Court

The report comes amid a debate over privacy concerns regarding Aadhaar, especially over private companies getting access to the unique biometric identity database. The government has also made Aadhaar mandatory to file income tax returns. The Supreme Court is hearing a clutch of petitions challenging that how a voluntary programme like Aadhaar can be made mandatory.

The CIS report points out several government sites which showcase inefficiently masked Aadhaar codes with sensitive personally identifiable information, also available for download as spreadsheets.

Also Read: In Defence Of Aadhaar - Nandan Nilekani

The National Social Assistance Programme (NSAP) portal, which holds details of citizens enrolled for pension, family, maternity and disability benefits schemes lists sensitive personally identifiable information such as bank account numbers, Aadhaar numbers, account frozen status and job card numbers of beneficiaries. So does the portal for the National Rural Employment Guarantee Scheme, with additional details, which is seeded with almost 11 crore Aadhaar numbers, according to the report.

Other websites cited by the report include the Daily Online Payment Reports portal and the Chandranna Bima Scheme portal, both under the Andhra Pradesh government.

“Aadhaar numbers leaked through these four portals could be around 13-13.5 crore and the number of bank accounts numbers leaked at around 10 crore from the specific portals we looked at,” the report read.

While the Aadhaar numbers are partially masked, the pattern is inconsistent, the report points out.

In some instances, the first four digits were masked, while in others the middle digits were masked. Given the multitude of databases publicly available, someone with access to different databases could use tools for aggregation to reconstruct information hidden or masked in a particular database.
CIS Report

The availability of this data in spreadsheets from different sources may also lead to the increased risk of reconstruction of masked or undisclosed information.

To make things easier for potential hackers, the Chandranna Bima portal also leads to MS Access databases of all the data without any masking, the report said.

Also Read: Project Aadhaar Is All About Compulsion, Not Consent: Usha Ramanathan

Watch LIVE TV , Get Stock Market Updates, Top Business , IPO and Latest News on NDTV Profit.
GET REGULAR UPDATES