After a Punjab government entity published the Aadhaar information of 20,100 citizens on its official website in August this year, the Unified Identification Authority of India (UIDAI) has reported another breach. This time around, more than 200 central and state government websites have made private Aadhaar details such as names and addresses public. As per reports, the Aadhaar issuing body confirmed the breach, without actually disclosing when it took place. The details have since been removed from the websites, a UIDAI official claimed.
Highlighting that the UIDAI itself has never publicly displayed Aadhaar details, the official said, “However, it was found that approximately 210 websites of central government, state government departments including educational institutes were displaying the list of beneficiaries along with their name, address, other details and Aadhaar numbers for information of general public.”
In response to an RTI query, the UIDAI further stated, “UIDAI has a well-designed, multi-layer approach robust security system in place and the same is being constantly upgraded to maintain the highest level of data security and integrity.”
At a time when the central government is doubling down to make Aadhaar mandatory for bank accounts, phone connections, insurance policies and even LPG connections, these breaches bring up the question of just how secure a citizen’s personal information is.
Dismissing such concerns, the UIDAI added, “Various policies and procedures have been defined, these are reviewed and updated continually thereby appropriately controlling and monitoring any movement of people, material, and data in and out of UIDAI premises, particularly the data centres.”
In its response, the authority said that it conducts regular security audits, with the aim of bolstering the system’s security and privacy of data.