The Unique Identification Authority of India has said that more than 200 central and state government websites publicly displayed details such as names and addresses of some Aadhaar beneficiaries. It said Aadhaar details have never been made public from/by UIDAI. In response to an RTI query, the Aadhaar issuing body said that it took note of the breach and got the data removed from those websites. It did not specify when the breach took place. “However, it was found that approximately 210 websites of central government, state government departments including educational institutes were displaying the list of beneficiaries along with their name, address, other details and Aadhaar numbers for information of general public,” it said. The UIDAI took note and got the Aadhaar data removed from the said websites, it said in reply to the RTI application. UIDAI issues Aadhaar — a 12-digit unique identification number — which acts as a proof of identity and address anywhere in the country. The central government is in the process of making Aadhaar mandatory for people to avail benefits of various social service schemes. “UIDAI has a well-designed, multi-layer approach robust security system in place and the same is being constantly upgraded to maintain highest level of data security and integrity,” the RTI reply said.
The architecture of the Aadhaar ecosystem has been designed to ensure data security and privacy which is an integral part of the system from the initial design to the final stage, it said. “Various policies and procedures have been defined, these are reviewed and updated continually thereby appropriately controlling and monitoring any movement of people, material and data in and out of UIDAI premises, particularly the data centres,” the UIDAI said. It said security audits are conducted on a regular basis to further strengthen security and privacy of data. Besides this, all possible steps are taken to make the data safer and protected, the authority said.