Aadhaar Data Breach: Large scale breach of Aadhaar data by a firm linked to ruling TDP in Andhra Pradesh raises serious questions about the safety of personal data of crores of Indians. Though UIDAI Wednesday rejected the reports that Aadhaar data was accessed by breaching security of its servers – Central Identities Data Repository (CIDR), the investigation carried out by Telangana police clearly highlights the potential of large scale misuse Aadhaar data by vested interests including its misuse in profiling of voters and even for deletion of their names from electoral roll.
“Our CIDR and servers are completely safe and fully secure and no illegal access was made to CIDR and no data has been stolen from our servers,” UIDAI said in the statement.
UIDAI also said that mere possession of Aadhaar data by someone will not lead to its potential misuse or cause any harm to Aadhaar holder because for assessing any Aadhaar based services, biometrics or One Time Password (OTP) will also be required.
Though, UIDAI has claimed that its servers have not been breached, but the fact that a private company was collecting and storing Aadhaar numbers at such a massive scale for profiling of voters, even linking them with government schemes and surveys raises serious questions about the checks and procedures to regulate the entire Aadhaar eco-system.
What is the case
Last month, Telangana Police had filed a FIR against information technology company IT Grids (India) Pvt Ltd for illegally collecting and possessing Aadhaar data of nearly 8 crore Indian citizens in Andhra Pradesh and Telangana for profiling of voters. A subsequent analysis by Telanagana State Forensic Science Laboratory (TSFSL) showed that the company was in possession of a whopping 7,82,21,397 crore Aadhaar numbers in a particular structured format.
This breach is different from previous reported cases where the magnitude of breach was nothing in comparison with the present case.
Second, complicity of the state machinery cannot be ruled out as according to the FIR, the company was using the information for development of ruling Telugu Desam Party’s mobile application – Seva Mitra.
What’s the impact on Andhra-Telangana elections
IT Grids (India) was in possession of citizen’s information organised in 18 different data points, including EID and UID numbers, citizen’s name, father or husband’s name, date of birth, address, pin code and citizen’s phone number among other things.
According to the information available on Google Play Store, the Seva Mitra Application has been downloaded by more than one lakh Android users and its developer is the same company that has been named by Telangana Police in its FIR – IT Grids (India) Private Limited.
Telangana Police said: “Further it is strongly believed that identity information related to Aadhaar is being used by the accused, who is director of IT GRIDS INDIA PVT LTD for the purpose of mapping of voters with beneficiaries of various government schemes and results of surveys conducted by the government.”
Whether Aadhaar data taken outside India
In its FIR, Telangana Police said that the accused company also stored Aadhaar Data base in the servers of Amazon Web Services, USA.
It said the evidence gathered so far points to the fact that the accused has hosted the Aadhaar database in Amazon Web Services, USA in contravention of Section of Aadhaar Act, 2016.
“There is every possibility that sensitive data of Indian citizens could be accessed and used by countries hostile to India or International Organised Crime Syndicates in a manner which could seriously be detrimental to National Security,” said Telangana police in its FIR.