‘Mere Possession’ of Aadhaar Data No Threat to Citizens, UIDAI Says After Latest Breach Scare

The Unique Identification Authority of India once again finds itself in the position of having to explain away a purported breach of its Aadhaar biometric national ID database.

This time, the issue concerns IT Grid (India), a private IT firm, which allegedly got ahold of Aadhaar data concerning 78 million citizens in the Telangana and Andhra Pradesh regions. The firm is thought to have been using the data to develop an app.

Responding to the news in a statement, the UIDAI did not deny that IT Grid (India) had obtained the data, but rather insisted that it was not the result of a hack attack or other “illegal access” of Aadhaar databases. The UIDAI suggested that IT Grid (India) may have collected this information directly from citizens, and said that it had formally requested an investigation from the Telengana Police as to the purpose of IT Grid (India)’s data collection, and whether its activities have violated any laws pertaining to Aadhaar data.

It’s only the latest security-related controversy that the UIDAI has sought to defuse, albeit a less serious one than the alleged black market sale of modified Aadhaar enrollment software reported a year ago.

In its response to this incident, the UIDAI also pointed out that the “mere possession” of Aadhaar numbers does not pose a threat to citizens’ privacy, noting that authentication based on biometrics or One Time Passwords is still required for individuals to access Aadhaar-based services. “Just like somebody merely knowing the credit card number cannot harm the credit card holder because for using it one requires PIN as a second factor authentication,” the government agency said in its statement.

Sources: The Times of India, Business Today, UIDAI

–

May 7, 2019 – by Alex Perala