Team Herald
NEW DELHI: Debunking the claim of government agency UIDAI (Unique Identification Authority of India (UIDAI) that its Aadhaar data is “fully safe and secure,” English daily The Tribune published from Chandigarh and other places how it “purchased” in just Rs 500 unrestricted access to details of more than 1 billion Aadhaar cards created in India so far.
The newspaper team paid another Rs 300 and got the software loaded on a computer to print the Aadhaar card after entering the Aadhaar number of any individual. It purchased the service offered by anonymous sellers over WhatsApp, paying through Paytm, and in 10 minutes an “agent” of the group running the racket created a “gateway” and gave a login ID and password.
It enables one to enter any Aadhaar number and instantly get all the particulars submitted to the UIDAI like name, address, postal code(pin number), photograph, phone number and email.
UIDAI on Thursday filed a police case of the data theft even while insisting that there has been no breach as the biometric information like finger prints and iris scan of eye are “fully safe and secure.”
“There has not been any data breach of biometric database which remains fully safe and secure with highest encryption,” the UIDAI said, underlining that mere display of demographic information cannot be misused without biometrics.
It said the login details provided to the newspaper “appear to be instance of misuse of the grievance redressal search facility” given to designated personnel and state government officials to access details of any individual by entering his Aadhaar or enrolment number.
This, however, provides only a limited access to basic details of an individual and does not include access to the most crucial biometric details. It says the system has enough builtin checks and balances to trace every piece of data access to punish any deviation.
The Tribune published details of the person as Anil Kumar having WhatsApp number 7610063464, apparently a mobile number, and Rs 500 was paid to him on Paytm No 76100 63464 and in return he sent an email saying: “You have been enrolled as Enrolment Agency Administrator for CSC SPV. Your enrolment agency administrator ID is ‘Anamika_6677.” Password was sent through a separate mail.
On contacting him for software to print Aadhaar card, he asked for Rs 300 deposited in Paytm No 8107888008 in the name of Raj. Once paid, one Sunil Kumar rang up from another mobile number 7976243548 and installed the software on the correspondent’s computer by remotely logging in through ‘TeamViewer.’
The Tribune says its investigations reveal that the racket may have been started around six months ago by creating some anonymous groups on WhatsApp and these groups targeted over 3 lakh village-level enterprise (VLE) operators hired by the Ministry of Electronics and Information Technology under Common Service Centres Scheme (CSCS) across India, offering them access to UIDAI data.
The CSCS operators, who were initially tasked to make Aadhaar cards across India, were rendered idle after the job was withdrawn from them. The service is now restricted to post offices and designated banks to avoid any security breach in November last year.
Sanjay Jindal, additional director-general of UIDAI regional centre in Chandigarh, said except the Director-General and himself, “no third person in Punjab should have a login access to the official portal and anyone else having access is illegal and is a major national security breach.”
