Aadhaar numbers and personal information of as many as 135 million Indians could have been leaked from four government portals due to lack of IT security practices, the Centre for Internet and Society has claimed. Also Read - Cryptocurrency regulation bill: How worried are Indian investors?Also Read - Indian mobile gaming market to shoot up to at least $5 billion by 2025: Report
“Based on the numbers available on the websites looked at, estimated number of Aadhaar numbers leaked through these four portals could be around 130-135 million,” the report by CIS said.
Further, as many as 100 million bank account numbers could have been “leaked” from the four portals, it added. The portals where the purported leaks happened were those of National Social Assistance Programme, National Rural Employment Guarantee Scheme, as well as two websites of the Andhra Pradesh government.
“Over 23 crore beneficiaries have been brought under Aadhaar programme for DBT (Direct Benefit Transfer), and if a significant number of schemes have mishandled data in a similar way, we could be looking at a data leak closer to that number,” it cautioned. ALOS READ: Aadhaar details of over 1.4 million citizens leaked by Jharkhand govt website: Report
The disclosure came as part of a CIS report titled ‘Information Security Practices of Aadhaar (or lack thereof): A Documentation of Public Availability of Aadhaar Numbers with Sensitive Personal Financial Information’. When contacted, a senior official of the Unique Identification Authority of India (UIDAI) said that there was no breach in its own database. The UIDAI issues Aadhaar to citizens.
The CIS report claimed that the absence of “proper controls” in populating the databases could have disastrous results as it may divulge sensitive information about individuals, including details aboutaddress, photographs and financial data. ALOS READ: Aadhaar is robust, safe, secure and totally accountable: Ravi Shankar Prasad
“The lack of consistency of data masking and de- identification standard is an issue of great concern…The masking of Aadhaar numbers does not follow a consistent pattern,” the report added.