Aadhaar data breach: UIDAI denies reports, says stringent enrolment and updation process in place

UIDAI today said that the enrolment software comes with necessary safeguards and checks to protect against any manipulation.

  • Published: May 3, 2018 4:39 PM IST
aadhaar card image

Aadhaar has become an important document that is now accepted as an identity and address proof. But recent reports about data breach with vital data of billions being sold for a mere Rs 500 is alarming. But UIDAI has time and again defended saying that Aadhaar data is safe, and there have been no leaks. has released a statement on its blog saying, “Lack of critical safeguards and compromised systems in Aadhaar places Indians at risk. With the demographic data reportedly compromised, it is hard to see how Aadhaar can be trusted for authentication. Access to myriad vital public and private services which require Aadhaar for more than a billion Indians is now at risk.”

Mozilla has also urged the UIDAI to close the security loopholes, and also hire an independent firm that can audit the security of Aadhaar. It has also called the “Justice Srikrishna Committee and the Government of India to ensure that the forthcoming data protection bill strongly protects Indians”.

Watch: Nokia 8 Sirocco First Look

Discrediting the reports as “baseless and false”, UIDAI today said that the enrolment software comes with necessary safeguards and checks to protect against any manipulation. It follows a “stringent enrolment and updation process” for issuance of Aadhaar cards. The authority also said that it has blacklisted more than 50,000 operators for various violations, amid reports of a breach in its enrolment software.

The statement comes after reports of alleged tampering of the Aadhaar enrolment software and being sold in the black market, which purportedly bypasses operators’ biometric authentication and facilitates issuance of Aadhaar cards without any documents.

Emphasizing its “zero tolerance policy” when it comes to ensuring security and safety of its processes, UIDAI said that any operator found to be violating its stipulated processes or those indulging in any type of fraudulent or corrupt practices, are blocked, blacklisted and also face stiff financial penalty of up to Rs 1 lakh per instance. “All such enrolment attempts get rejected and Aadhaar is not generated. As on date more than 50,000 operators have been blacklisted,” the UIDAI said in a statement.

“No operator can make or update Aadhaar unless the resident himself or herself gives his or her biometric. Any enrolment or update request is processed only after biometric of resident is authenticated,” UIDAI said. The system is designed to match all the biometric, including 10 fingerprints and both irises of a resident enrolling for Aadhaar before making any changes. Only once all checks are found to be successful, enrolment or updation request of the resident is further processed.

UIDAI also says that before the data is updated, the backend system also verifies “biometric check of operator, validity of operator, enrolment machine, enrolment agency and registrar”. In case any of the check fails, the enrolment request is rejected, and action is taken against such operators.

With inputs from PTI.

  • Published Date: May 3, 2018 4:39 PM IST