November 21, 2017 -
Media reports suggesting sensitive Aadhaar data has been breached are an inaccurate representation of fact, the Unique Identification Authority of India (UIDAI) said in a statement issued Monday by India’s Ministry of Electronics and IT.
Numerous media outlets reported last week that approximately 210 government websites had published personal information related to Aadhaar registrants, following a proactive disclosure by UIDAI under the RTI (Right to Information) Act. While the details were published, UIDAI says the data is public information, and no breach of Aadhaar databases had occurred.
Government departments and ministries were immediately directed to remove the data from the websites, and steps were taken to ensure the incident is not repeated, according to the statement, but no biometric information was shared, and the encrypted biometric data collected by the Aadhaar program remains secure.
UIDAI reiterated that Aadhaar is not a secret number, that it is intended to be shared with authorized agencies in order to use their services, and that it cannot be used without the associated biometrics.
“(M)ere availability of Aadhaar number will not be a security threat or will not lead to financial/other fraud, as for a successful authentication fingerprint or iris of individual is also required. Further all authentications happen in presence of personnel of respective service provider which further add to the security of the system,” the UIDAI said.
As previously reported, the Aadhaar program is said to have helped save the Indian government $9 billion. Some elements of the program remain controversial, however, as India’s Supreme Court has been petitioned to block its association with bank accounts on grounds that the link violates user privacy rights.