Gemalto publicly apologizes for alleging massive Aadhaar data breach in report
Gemalto has retracted the claim in its Breach Level Index (BLI) that roughly 1.2 billion Aadhaar records have been compromised so far in 2018, and published an apology to the “People of India” in a leading newspaper, Moneylife reports.
Earlier this month Gemalto published the Breach Level Index, showing less frequent but larger breaches compared to last year. It originally showed Aadhaar among the top sources of data breaches globally, but was revised within days and the paid apology was issued this weekend signed by CEO Philippe Vallee.
“Gemalto wants to make it clear that this error has been corrected in the revised report,” Vallee writes. “All concerned parties should take note that we have not been able to find any verified or substantiated data breach of Aadhaar data. As a result, Gemalto has withdrawn the data breach claim from the Breach Level Index Report.”
Vallee also notes that the methodology of the report is being revisited to apply more stringent criteria and validation.
Indian publication ThePrint reports that following the initial publication of the BLI, the Unique Identification Authority of India (UIDAI) issued a circular calling for the Aadhaar system to suspend the use of the company’s products on grounds of the discovery of security issues.
Gemalto provides digital tokenisation, 10-digit fingerprint scanners and iris scanners to the Aadhaar program, as well as Hardware Security Modules (HSMs) used to store private cryptographic keys used to digitally sign and authenticate Unique Identification Numbers (UIDs).
In a statement issued between the revision of the report and the public apology and quoted by The Indian Express, the company noted that the mistaken information came from an “unverified news article.”
Indian media has reported numerous Aadhaar breaches, many of which have been denied by the UIDAI, with disputed details and degrees of impact.
Aadhaar | biometrics | Gemalto | India | UIDAI