The security lapse had been flagged to some government agencies over a period of time, it has yet to be fixed. PHOTO: REUTERS
ZDNet reported that a data leak on a system run by a state-owned utility company, which it did not name, could allow access to private information of holders of the biometric “Aadhaar” ID cards, exposing their names, their unique 12-digit identity numbers, and their bank details.
But the Unique Identification Authority of India (UIDAI), which runs the Aadhaar program, said “there is no truth in this story” and that they were “contemplating legal action against ZDNet”.
ZDNet could not immediately be contacted for comment on the UIDAI’s response.
India probes report on breach of national identity database
“There has been absolutely no breach of UIDAI’s Aadhaar database. Aadhaar remains safe and secure,” the agency said in a statement late on Saturday.
“Even if the claim purported in the story were taken as true, it would raise security concerns on database of that utility company and has nothing to do with the security of UIDAI’s Aadhaar database,” it said.
More than billion users
ZDNet had reported that even though the security lapse had been flagged to some government agencies over a period of time, it has yet to be fixed. It said it was withholding the name of the utility and other details.
Karan Saini, a New Delhi-based security researcher, said that anyone with an Aadhaar number was affected.
“This is a security lapse. You don’t have to be a consumer to access these details. You just need the Uniform Resource Locator where the Application Programming Interface is located. These can be found in less than 20 minutes,” Saini told Reuters.
Critics of India's ID card project say they have been harassed, put under surveillance
In recent months researchers and journalists who have identified loopholes in the identity project have said they have been slapped with criminal cases or harassed by government agencies because of their work.
Aadhaar, a biometric identification card with over 1.1 billion users, is the world’s biggest database.
But it has been facing increased scrutiny over privacy concerns following several instances of breaches and misuse.
Last Thursday, the CEO of the UIDAI said the biometric data attached to each Aadhaar was safe from hacking as the storage facility was not connected to the internet.
“Each Aadhaar biometric is encrypted by a 2048-key combination and to decode it, the best and fastest computer of our era will take the age of the universe just to hack into one card’s biometric details,” Ajay Bhushan Pandey said.
1732354127-0/Untitled-design-(3)1732354127-0-270x192.webp "north america s oldest macaroni penguins mark their 40th year")
1732344836-0/BeFunk_§_]__-(37)1732344836-0.jpg "israeli attack targets hospital killing seven medics in lebanon")
COMMENTS
Comments are moderated and generally will be posted if they are on-topic and not abusive.
For more information, please see our Comments FAQ