FB pixel

Indian govt’s insistence that Aadhaar is secure rings hollow in wake of breaches

Indian govt’s insistence that Aadhaar is secure rings hollow in wake of breaches

India is bleeding biometric information, with new data breaches giving credence to a recent report by the credit rating agency Moody’s warning that Aadhaar’s centralized biometric digital ID system has privacy and security vulnerabilities.

A piece in Security Affairs reports that earlier this month, the cybersecurity firm Resecurity found hundreds of millions of records containing personally identifiable information (PII) for sale on the dark web. Aadhaar cards were among the data on offer.

Also in October, the PII of applicants to a program for young filmmakers at the International Film Festival of India was exposed on a government website for the event. The Deccan Herald reports that the Times of India was able to access a parent directory that contained the Aadhaar IDs, PAN cards and other PII of more than 100 people who applied through the National Film Development Corporation (NFDC).

Furthermore, as reported in The Hindu, a police raid on a brothel in Bengaluru found that sex workers had been given fake Aadhaar cards, and prompted an investigation into wider production of fake government IDs, voter cards and other documents.

And finally, there is the now-resolved case of fingerprint biometrics, digital ID numbers, identity documents, photographs and images submitted to Aadhaar being exposed by the West Bengal state government website.

The Indian government has shown little interest in taking responsibility for any security lapses. In response to Moody’s claims that Aadhaar’s fingerprint biometrics system is unreliable in humid climatic conditions and problematic for manual laborers, and that the centralized data management system gives users no control over their data, the Ministry of Electronics and IT published a scathing retort boldly arguing that no data breaches have been recorded and calling Aadhaar “the most trusted digital ID in the world.”

“The Moody’s report ignores that biometric submission is also possible through contactless means like face authentication and iris authentication,” the statement reads. In the case of the film festival, an unnamed government source told the Times of India that the Creative Minds of Tomorrow portal had been outsourced by NFDC to a separate web development agency, which bears responsibility for the breach. And an earlier claim about a breach on CoWIN was dismissed as mischief.

Aadhaar digital IDs use core biometric markers of 10 fingerprints and two iris scans. The ID is linked to a wide array of government services, and plans are underway to link voter registration to Aadhaar.

A recent IBM Security report pegged the average cost of a data breach in India at 179 million rupees (around US$2.1 million), a 28 percent increase from 2020.

Article Topics

 |   |   |   |   | 

Latest Biometrics News


Huawei accelerates global digital transformation with digital ID, ICT and 5G projects

In recent years, global telecommunications provider Huawei Technologies has significantly ramped up its involvement in infrastructure projects aimed at supporting…


Move over, Armani: Italy’s It Wallet is the digital ID accessory of the season

Bravo to Italy for the forthcoming launch of its digital wallet scheme, clearing the path for a national digital identity…


Sumsub brings non-doc biometric identity verification to new markets

Biometric identity verification providers are expanding their market reach in various ways, including Sumsub’s support for users without ID documents…


Scottish Government emphasizes security of new platform for digital public services

Scotland is talking up the data security measures designed and build into ScotAccount, a single-sign on (SSO) service designed to…


Zambia, Namibia, Tanzania upgrade digital ID systems in concert with development partners

Zambia has carried out a major first step in its transition towards a modern legal and digital identity system, by…


Bermuda delays facial recognition deployment for national CCTV project

Bermuda’s government will not be deploying facial recognition capabilities in its CCTV system, at least for now, due to unspecified…


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.


Featured Company