FB pixel

Indian govt’s insistence that Aadhaar is secure rings hollow in wake of breaches

Indian govt’s insistence that Aadhaar is secure rings hollow in wake of breaches
 

India is bleeding biometric information, with new data breaches giving credence to a recent report by the credit rating agency Moody’s warning that Aadhaar’s centralized biometric digital ID system has privacy and security vulnerabilities.

A piece in Security Affairs reports that earlier this month, the cybersecurity firm Resecurity found hundreds of millions of records containing personally identifiable information (PII) for sale on the dark web. Aadhaar cards were among the data on offer.

Also in October, the PII of applicants to a program for young filmmakers at the International Film Festival of India was exposed on a government website for the event. The Deccan Herald reports that the Times of India was able to access a parent directory that contained the Aadhaar IDs, PAN cards and other PII of more than 100 people who applied through the National Film Development Corporation (NFDC).

Furthermore, as reported in The Hindu, a police raid on a brothel in Bengaluru found that sex workers had been given fake Aadhaar cards, and prompted an investigation into wider production of fake government IDs, voter cards and other documents.

And finally, there is the now-resolved case of fingerprint biometrics, digital ID numbers, identity documents, photographs and images submitted to Aadhaar being exposed by the West Bengal state government website.

The Indian government has shown little interest in taking responsibility for any security lapses. In response to Moody’s claims that Aadhaar’s fingerprint biometrics system is unreliable in humid climatic conditions and problematic for manual laborers, and that the centralized data management system gives users no control over their data, the Ministry of Electronics and IT published a scathing retort boldly arguing that no data breaches have been recorded and calling Aadhaar “the most trusted digital ID in the world.”

“The Moody’s report ignores that biometric submission is also possible through contactless means like face authentication and iris authentication,” the statement reads. In the case of the film festival, an unnamed government source told the Times of India that the Creative Minds of Tomorrow portal had been outsourced by NFDC to a separate web development agency, which bears responsibility for the breach. And an earlier claim about a breach on CoWIN was dismissed as mischief.

Aadhaar digital IDs use core biometric markers of 10 fingerprints and two iris scans. The ID is linked to a wide array of government services, and plans are underway to link voter registration to Aadhaar.

A recent IBM Security report pegged the average cost of a data breach in India at 179 million rupees (around US$2.1 million), a 28 percent increase from 2020.

Article Topics

 |   |   |   |   | 

Latest Biometrics News

 

Biometrics pilots, launches and investments foreshadow next areas for growth

Biometrics pilots, a patent, predictions and acquisitions paint a picture in the most popular news items of the week on…

 

Biometrics firms pitch privacy in age assurance ahead of US court battle

The U.S. is facing its first constitutional debate connected with age verification in 20 years: The Supreme Court will have…

 

Permira finalizes $1.3B majority stake acquisition of BioCatch

Permira Growth Opportunities has completed the acquisition of a majority position in behavioral biometrics and fraud prevention business BioCatch, four…

 

ATO attacks surge in Q2 2024, Sift warns of growing ‘Fraud-as-a-Service’ threat

A recent report highlights the growing threat of account takeover (ATO) attacks, which surged by 24 percent in the second…

 

EU AI pact sets new standards for ethical AI use across Europe

By Tony Porter, Chief Privacy Officer at Corsight AI The European Union’s AI Pact marks a crucial step towards forming…

 

Deepfake detection challenge, integration to protect content integrity unveiled

A new deepfake detection competition has been announced with the intention of advancing “next-generation deepfake detection and localization systems” development….

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

DIGITAL ID for ALL NEWS

Featured Company

ID for ALL FEATURE REPORTS

BIOMETRICS WHITE PAPERS

BIOMETRICS EVENTS

EXPLAINING BIOMETRICS