After The Tribune reported a massive Aadhaar information breach on Thursday, 4 January, the Unique Identification Authority of India (UIDAI) has denied the report and said “there has not been any data breach and that the data is fully safe and secure.”
The Tribune, in its report, claimed it had gotten access to around a billion Aadhaar numbers in 10 minutes by paying Rs 500 to an anonymous seller.
This is not the first time that Aadhaar has come into limelight for the wrong reasons. There have been several security breach allegations, most of which have been exposed through responses to Right to Information (RTI) pleas.
Here are a few times when Aadhaar data fell into the wrong hands:
1. Money in Bank Accounts Withdrawn Fraudulently Using Aadhaar Data
Recently, money was fraudulently withdrawn using customers' Aadhaar numbers from bank accounts.
According to a report by The Indian Express, four such cases were reported from Andhra Bank and one from Syndicate Bank. Over Rs 4 lakh were withdrawn from Andhra Bank, whereas over Rs 1 lakh was withdrawn from Syndicate Bank.
Speaking in the Lok Sabha on Tuesday, 2 January, Finance Minister Arun Jaitley said the banking "department has received 20 complaints of bank frauds involving Rs 7.65 lakh connected with linking Aadhaar with bank accounts since 2015,” IE reported.
2. ‘210 Govt Websites Made Aadhaar Details Public’
More than 200 Central and state government websites publicly displayed details such as names and addresses of some Aadhaar beneficiaries, the UIDAI said on 19 November 2017.
The Aadhaar issuing body said, in response to an RTI query, that it took note of the breach and got the data removed from those websites.
It did not specify when the breach took place. It said Aadhaar details have never been made public from/by the UIDAI.
"However, it was found that approximately 210 websites of central government, state government departments, including educational institutes, were displaying the list of beneficiaries along with their name, address, other details, and Aadhaar number," it said.
The UIDAI took note and got the Aadhaar data removed from the said websites, it said in a reply to the RTI application.
3. Foreign Companies Given ‘Full Access’ to Aadhaar Data
In August last year, an RTI reply disclosed that various foreign companies involved in the implementation of the Aadhaar programme got full access to personal data, ranging from fingerprints, iris scan data, date of birth to even the mobile number.
The Times of India reported that these companies may have stored such data for up to seven years. This revelation went against the UIDAI's stand on the issue, where it had maintained that Aadhaar data is not made available to any private firm.
4. Water and Sanitation Ministry Breached Aadhaar Privacy
The Union Ministry of Water and Sanitation was found to have uploaded Aadhaar numbers of beneficiaries of the Swachh Bharat Mission-Gramin on its website, The Indian Express reported on 25 April 2017.
After news of the data breach got out, the details were pulled off the website.
In another breach of privacy, on 23 April 2017, the names, addresses, bank account details and Aadhaar numbers of over a million citizens were leaked on a website managed by the Jharkhand Directorate of Social Security.
According to Section 29(4) of the Aadhaar Act, it is illegal to publish the Aadhaar numbers of consumers.
5. Mahendra Singh Dhoni’s Aadhaar Data Leaked
In March 2017, cricketer Mahendra Singh Dhoni’s wife Sakshi Singh Rawat tweeted to Minister of Information Technology Ravi Shankar Prasad saying information on Dhoni’s Aadhaar card had been made public.
Sakshi followed up with a retweet from the e-government services’ official handle, where an official is compromising Dhoni’s Aadhaar details in a moment of fan fare.
Later, the UIDAI blacklisted the Aadhaar centre for 10 years.
6. Aadhaar Details of Over a Million People Leaked
Soon after the Dhoni incident, the names, addresses, bank account details, and Aadhaar numbers of over a million citizens were leaked on a website managed by the Jharkhand Directorate of Social Security.
According to a report published in the Hindustan Times, in April last year, out of the 1.6 million pensioners in Jharkhand, 1.4 million had seeded their bank accounts with their Aadhaar numbers in order to enable a direct transfer of their monthly pension to their bank accounts, thus making their personal details available on the website.
According to the HT report, officials, when they were contacted for comment, said they had been aware of the breach for several days and that their programmers were working on it to address the matter.
(Breathe In, Breathe Out: Are you finding it tough to breathe polluted air? Join hands with FIT in partnership with #MyRightToBreathe to find a solution to pollution. Send in your suggestions to fit@thequint.com or WhatsApp @ +919999008335)
(At The Quint, we question everything. Play an active role in shaping our journalism by becoming a member today.)