A research report by The Centre for Internet and Society (CIS) India suggests a startling 130-135 million Aadhaar numbers and 100 million bank accounts could have been made public by 4 government portals.
Since its launch, the government’s ambitious Aadhaar project has been in the line of fire for the alleged data breaches. While the government has maintained that necessary security measures are in place to avoid leaks, a research report by The Centre for Internet and Society (CIS) India suggests a startling 130-135 million Aadhaar numbers and 100 million bank accounts could have been made public by four government portals.
The research assessed four government programmes — National Social Assistance Programme, Ministry of Rural Development, and National Rural Employment Guarantee Act (NREGA) of the Centre, and Daily Online Payment Reports under NREGA and Chandranna Bima Scheme of the government of Andhra Pradesh.
“A review of the above mentioned government schemes dashboard and portals demonstrated to us the dangers of ill-conceived data driven policies and transparency measures without proper consideration to data security measures and lapse statistical disclosure control,” the report said.
To allow banking and payments using Aadhaar, banks and government departments are seeding Aadhaar numbers along with bank account details, and it is used as the primary authentication for individuals to receive benefits from government schemes. According to the CIS research various dashboards and portals monitor the Aadhaar seeding process to track progress, and government departments are collecting this information despite the absence of information security practices to handle so much PII.
Considering over 23 crore beneficiaries have been brought under the Aadhaar programme for direct benefit transfer (DBT), a data leak closer to the number cannot be ruled out if indeed other schemes have also mishandled personally identifiable information (PII) data.
The extent of data leaks clearly indicates that even as the UIDAI proactively pushes for other databases to get seeded with Aadhaar numbers, there is little consideration to ensure security and privacy of data. It is also disheartening that the Aadhaar Act regulations have failed to put in place standards to regulate databases that use private information for their use.