Aadhaar Data of 130 Millions, Bank Account Details Leaked from Govt Websites: CIS Report

Even as the Modi government brazenly claims in the Supreme Court that there is no threat to security leaks from the Aadhar UID Initiative, the Centre for Internet and Society has released a report that reveals the Information Security Practices of Aadhaar (or lack thereof): A documentation of public availability of Aadhaar Numbers with sensitive personal financial information.

Since its inception in 2009, the Aadhaar project has been shrouded in controversy due to various questions raised about privacy, technological issues, welfare exclusion, and security concerns. In this study, we document numerous instances of publicly available Aadhaar Numbers along with other personally identifiable information (PII) of individuals on government websites. This report highlights four government projects run by various government departments that have made sensitive personal financial information and Aadhaar numbers public on the project websites.

In the last month, there have been various reports pointing out instances of leakages of Aadhaar number through various databases, accessible easily on Twitter under the hashtag #AadhaarLeaks. Most of these leaks reported contain personally identifiable information of beneficiaries or subjects of the leaked databases containing Aadhaar numbers of individuals along with other personal identifiers. All of these leaks are symptomatic of a significant and potentially irreversible privacy harm, however we wanted to point out another large fallout of these leaks, those that create a ripe opportunity for financial fraud. For this purpose, we identified benefits disbursement schemes which would require its databases to store financial information about its subjects. During our research, we encountered numerous instances of publicly available Aadhaar Numbers along with other PII of individuals on government websites. In this paper, we highlight four government projects run by various government departments with publicly available financial data and Aadhaar numbers. Our research is focussed largely on the data published by or pertaining to where Aadhaar data is linked with banking information. We chose major government programmes using Aadhaar for payments and banking transactions. We found sensitive and personal data and information very easily accessible on these portals.

Courtesy: CIS Report



Related Articles