Huge cache of Aadhaar numbers in public domain, warn experts

03 May 2017

1

In a significant development considering the Indian government's increasing emphasis on Aadhaar numbers, cyber security experts have raised concerns about people using Aadhaar and one-time passwords for authentication of financial transactions after it was revealed that a large cache of Aadhaar numbers had become public.

Bengaluru-based think tank Centre for Internet and Society (CIS) has published a report highlighting how 13.5 crore Aadhaar accounts have been exposed by government departments.

The report, by Amber Sinha and Srinivas Kodali, said the National Social Assistance Programme (NSAP) and the National Rural Employment Guarantee Scheme, administered by the ministry of rural development, and the Chandranna Bima Scheme of the Andhra Pradesh government have made Aadhaar numbers public.

In some cases, bank account details and mobile numbers of millions of citizens are available. While many officials say the availability of the Aadhaar number itself is not a breach, payment industry security experts disagree.

Nitin Bhatnagar, associate VP (business) at SISA, a payment security specialist, told The Times of India the exposing of an Aadhaar number amounts to a breach. "Any element of payment data exposure is considered a breach in the payment industry," Bhatnagar said.

In December 2016, the Reserve Bank of India had allowed banks to use a combination of Aadhaar number and an OTP on the customer's phone for completing "know your customer" requirements and opening a bank account. A fraudster with the Aadhaar details of a customer can obtain a cloned SIM card and use it for fraudulent transactions.

The CIS report highlights how these public databases are exposing citizens to risk. "When Nandan Nilekani claims repeatedly that the Aadhaar data is secure, his focus is largely on the enrolment data collected by UIDAI, or authentication logs maintained by it. With countless databases seeded with Aadhaar numbers, we would argue that it is extremely irresponsible on the part of the UIDAI, the sole governing body for this massive project, to turn a blind eye to the lack of standards prescribed for how other bodies shall deal with such data, such cases of massive public disclosures of this data, and the myriad ways in which it may used for mischief," the report said.

Nilekani was the original head of the Unique Identification Authority of India. With the change of government at the centre, however, he is no longer associated with UIDAI.

Business History Videos

History of hovercraft Part 3 | Industry study | Business History

History of hovercraft Part 3...

Today I shall talk a bit more about the military plans for ...

By Kiron Kasbekar | Presenter: Kiron Kasbekar

History of hovercraft Part 2 | Industry study | Business History

History of hovercraft Part 2...

In this episode of our history of hovercraft, we shall exam...

By Kiron Kasbekar | Presenter: Kiron Kasbekar

History of Hovercraft Part 1 | Industry study | Business History

History of Hovercraft Part 1...

If you’ve been a James Bond movie fan, you may recall seein...

By Kiron Kasbekar | Presenter: Kiron Kasbekar

History of Trams in India | Industry study | Business History

History of Trams in India | ...

The video I am presenting to you is based on a script writt...

By Aniket Gupta | Presenter: Sheetal Gaikwad

view more
View details about the software product Informachine News Trackers