Massive Aadhaar Failure – Jharkhand Govt Website Accidentally Leaks Over 1 Million Aadhaar Data Of Pensioners
In one of the biggest failures related to Aadhaar security, a website maintained by Jharkhand Govt. has accidentally leaked more than 1 million Aadhaar records of pensioners. The breach was reported by Indian Express newspaper on Saturday, and after that, the website was blocked.
On Monday, the website has been restored, and the breach has been repaired.
But, as per reporters who accessed sensitive data of more than 10 lakh pensioners claimed that they are really not aware that how long the data leak happened, and whether the data has been stolen or not.
In their short 8 years of existence, this is UIDAI and Aadhaar’s biggest failure in keeping the data safe.
The Aadhaar Leak – How It Happened?
The website of Women and Child & Social Security of the Government of Jharkhand is maintained by Jharkhand Directorate of Social Security. A section of the website enlists data about pensioners who are living in each district of the state.
Due to a programming error in the website, the database which contained details about all pensioners, their Aadhaar numbers, their bank account name, number and the amount of pension transferred every month is accessed publically, on Saturday.
As per Aadhaar Act, this data should have been kept as protected, and hidden from public eyes.
The state of Jharkhand has 1.6 million pensioners, out of which 1.4 million has connected their bank accounts directly with the Aadhaar database.
As per the investigation, a database of these 1.4 million pensioners was accessible on Saturday.
Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 clearly says: “No Aadhaar number or core biometric information collected or created under this Act in respect of an Aadhaar number holder shall be published, displayed or posted publicly, except for the purposes as may be specified by regulations.”
The leak came into light when UIDAI office in Ranchi informed the Department of Women and Child & Social Security, Jharkhand about the public visibility of Aadhaar data on their website.
Director (Social Security) Ram Parvesh said, “We got a call from the UID cell telling us that the Aadhaar numbers of pension beneficiaries were being displayed on the website. We are aware of the seriousness (of the matter) and we will try to find out how and from where did this mistake happen..”
As per Ram Parvesh, Project Management Unit in the Director’s cell managed and maintained the database of pensioners, and investigation would be now carried over to determine how this massive data leak happened.
Aadhaar Security: What Is The Future?
After this recent data leak, questions are again being raised about its security and safety.
Last month, a Govt. agency concerned with Aadhaar enrollment in Ranchi accidentally leaked cricketer MS Dhoni’s Aadhaar data on Twitter.
We had earlier reported how a simple Google search can reveal thousands of rows of Aadhaar data, a breach which still open, and available anyone (including hackers) to exploit.
In February, Aadhaar based transactions by Axis Bank was banned, after misuse of biometric data was revealed to syphon off black money.
Interestingly, Supreme Court has already questioned Centre on their decision to make Aadhaar as a compulsory requirement for filing Income Tax returns and for getting a PAN Card. Earlier, Supreme Court
In January, Supreme Court had expressed their displeasure over private agencies collecting Aadhaar data of citizens and had demanded answers regarding its safety.
Supreme Court will announce its verdict on the fate of Aadhaar Card being made mandatory, this week. It would be interesting to observe how this recent Aadhaar data leak by Jharkhand Govt. impact Supreme Court’s decision.