Thousands Of Farmers’ Aadhaar Data Exposed In Andhra Pradesh

Andhra Pradesh government has once again exposed Aadhaar data of thousands of its state farmers. The state government’s Agricultural Ministry website has publicly uploaded the list of its scheme beneficiaries containing private details such as mobile number, caste, village division, in addition to the benefactor’s aadhaar number.

This data leak was first reported by the French cybersecurity expert Baptiste Robert (who goes by the pseudonym Elliot Alderson on Twitter) yesterday on May 28.

Inc42 was also able to verify that the district-wise data of farmers was publicly available on the Andhra Pradesh government website till the evening of May 29. An Inc42 query to Andhra Pradesh Agriculture Ministry did not elicit a response till the time of publication.

This is not the first time that Andhra Pradesh government has leaked the Aadhaar data of its farmers. Earlier in 2018, Andhra Pradesh government had leaked the data of farmers who received subsidies from the Andhra Pradesh Medicinal and Aromatic Plants Board.

Prior to this, Baptiste Robert had also uploaded website links containing the Aadhaar data of thousands of Indian citizens. Interestingly, the URLs shared by the hacker at that time also belonged to the Andhra Pradesh Government’s Panchayat Raj website.

Aadhaar number is a 12-digit random number issued by the UIDAI to the residents of India after satisfying the verification process. The number is connected to citizen’s biometric thumb impression and eye scans, along with their name, permanent address, and mobile number.

Aadhaar Data Leaks

More recently in February 2019, Aadhaar details of over 6.7 Mn users containing details such as names, addresses and the numbers were leaked on Indane’s website.  The leak happened through the section of the website meant for Indane dealers and distributors, which was accessible through a username and password.

This was closely followed by another Aadhaar database leak of government workers in Jharkhand, whose details were left exposed without a password on the state government’s website.  In 2018, The Tribune has also reported  that some unidentified groups were found selling the Aadhaar data of over one billion people at just $7.88 (INR 500).

These are just a few cases among multiple Aadhaar database leak reports from government bodies. The constitutionality of Aadhaar has also been questioned earlier in a personal interest litigation (PIL) filed by a former Judge of the Karnakata High Court, Justice K S Puttaswamy.

In response to which on September 2018, the Supreme court of India upholded the constitutionality of Aadhaar but amended the Aadhaar Bill to make it only be mandatory for the filing of income tax returns and PAN linking. In contrast to the earlier version where Aadhaar was mandatory for availing a host of benefits such as schemes for the below poverty line category, LPG subsidies, midday meals in schools, etc.

Note: We at Inc42 take our ethics very seriously. More information about it can be found here.