SUMMARY
The Data Leak Revealed Sensitive Details Including A Person's Aadhaar Number, Bank Branch, IFSC Code, Account Number, Caste, Address And Other Details
In the times of Facebook’s apology over trust breach, Cambridge Analytica’s dirty data games and the EU and the UK bolstering data privacy and protecting by replacing the 1995 directive with a new strong law – GDPR, UIDAI chose to turn a blind eye over the never-ending Aadhaar data leaks.
Unlike Facebook which immediately offered its sincere apology and other private companies like Cambridge Analytica which even suspended its own chief amid data leaks, UIDAI while initially firmly fought against Indians’ right to privacy in the Supreme Court, later issued a bizarre clarification in the court that the Aadhaar data is protected by 13 Ft high and 5 Ft thick walls.
However, the bizarre clarification and the UIDAI decision to add another layer of Virtual ID security to Aadhaar, yet again, succumbed to the latest massive data leak revelation exposed recently on Twitter.
In contrast to the tall UIDAI claims, another Aadhaar whistleblower Srinivas Kodali published the screenshots of Aadhaar data details of MNREGA (Mahatma Gandhi National Rural Employment Guarantee Act) beneficiaries.
Suggesting a data leak of 8.9 Mn, the scale is much higher than Facebook’s effected data leak in India. The data leak also revealed details such as a person’s Aadhaar number, bank branch, IFSC code, account number, father’s name, address, Panchayat, mobile number, ration card number, occupation, religion and caste, on its website Andhra Pradesh Benefit Disbursement Portal.
After the expose, the website has started masking the data.
In the last two days, Srinivas has taken UIDAI on a ride, exposing three big massive Aadhaar leaks back-to-back.
A day earlier, Andhra Pradesh State Housing Corporation website in its data list titled ‘Beneficiary Details belonging to Entry Report for Scheme Hudhud’ had published the Aadhaar data of 134K people.
In another latest revelation, Srinivas has further claimed that around 69,83,048 children’s Aadhaar data is available online. Publishing the screenshots of the same, Srinivas yet again has questioned, “Who is responsible to protect their privacy – Govt, parents, teachers or SC?”
“The first leak I reported was the children’s Aadhaar detail available online, way back in February, 2017. The UIDAI has never acknowledged the leak and sees no problem with the leak.”
Earlier, the Tribune had published how a Rajasthan government’s portal login and password were on sale to access Aadhaar details. The UIDAI, in contrast of issuing an apology, had in fact went on to register an FIR against the journalist.
Interestingly, while the Indian government has expressed dissatisfaction over the “cryptic responses” shared by Facebook and Cambridge Analytica pertaining to the data breach, it has not even questioned or issued any such notice to its own organisation UIDAI, responsible for the Aadhaar data protection across the country.
On April 25, while hearing the Aadhaar case, the SC reproached the Indian government for invoking Supreme Court’s name while asking people to link Aadhaar with their mobile number. To which, the UIDAI lawyer Rakesh Dwivedi accepted the fact that there was no Supreme Court order making it compulsory to link Aadhaar with mobile phone numbers.
It’s worth noting that Ravi Shankar Prasad, Union Minister of Law, on September 10, 2017, had tweeted, “Yes, you need to link your mobile number with Aadhaar as directed by the SC.”
