FB pixel

UIDAI denies reported major Aadhaar security breach

 

The Unique Identity Authority of India (UIDAI) has responded to a media report claiming that access to the entire Aadhaar database could be purchased for 500 rupees (roughly $8) by saying that no biometric data has been breached, The Indian Express reports.

The Chandigarh-based Tribune media outlet claimed not only that it had purchased unrestricted access to details for any of the more than one billion Indian citizens from an anonymous WhatsApp user, but also that for an even smaller sum, it had purchased software enabling fake Aadhaar cards to be printed.

The UIDAI responded with a statement: “UIDAI reassures that there has not been any data breach of biometric database which remains fully safe and secure with highest encryption at UIDAI and mere display of demographic information cannot be misused without biometrics.”

Local UIDIA officials expressed shock when told of the data’s availability, according to the report. “Except the Director-General and I, no third person in Punjab should have a login access to our official portal. Anyone else having access is illegal, and is a major national security breach,” Chandigarh UIDAI Regional Center Additional Director General Sanjay Jindal was quoted as saying.

The official UIDAI response, however, attributed the case to a “misuse of the grievance redressal search facility.” The agency said it would take criminal action against those responsible, but also that “Aadhaar data is fully safe and secure and has robust, uncompromised security.”

Even without the associated biometric information, Lisa Baergen, director at NuData Security, says it illustrates the importance of applying strong data security to personally identifiable information (PII).

“This kind of data breach shows how easy it can be for cybercriminals to access PII, and how organized cybercriminals can be in distributing this information — in this particular instance using anonymous WhatsApp groups to offer their services,” Baergen comments. “The UIDAI have suggested that no biometric data was accessed, but even so, the amount of PII that has been accessed provides a healthy pipeline for future cybercriminals. In future, organizations should take more stringent security measures in protecting PII, including passive biometrics and two factor authentication.”

As previously reported, the UIDAI was forced to issue a statement in November asserting that the publication of Aadhaar numbers and other information did not constitute a major security breach, as Aadhaar numbers themselves are not secret, and can only be utilized with the biometrics of the individual.

Article Topics

 |   |   |   |   | 

Latest Biometrics News

 

How the ID industry can become more sustainable – and help to raise awareness for greener travel

By Tobias Nuessle, COO of Veridos The travel and tourism industry is a significant contributor to global CO2 emissions. Various…

 

Biometrics upgrades arriving at borders (but check the schedule for updates)

New biometric technology is coming to borders in Europe and the UK, but as reflected in several of Biometric Update’s…

 

What is the killer app for verifiable credentials? Daon, Dock and Youverse discuss

Industries such as financial services, healthcare, transport, government and more are increasingly adopting digital verifiable credentials connected to biometrics. Their…

 

Veteran biometrics leaders join FaceTec, Credence, ID.me adds ex-Meta exec

The latest round of appointments in the biometrics and identity management sector includes a former leader of federal government sales…

 

EU announces phased approach for EES

The European Union has proposed a progressive introduction of its biometric traveler registration scheme, the Entry-Exit System (EES). On Wednesday,…

 

Drowsy drivers to get AI-assisted safety prompts

Fatigued drivers are one of the most common hazards on the road, but sleepy-heads on commercial wheels are to get…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events