New Delhi, Mar 24: The Unique Identification Authority of India (UIDAI) on Saturday refuted all the reports of data breach saying that the biometric ID programme remains “safe and secure”. Terming the reports as “totally baseless, false and irresponsible”, UIDAI said, “There is no truth in this story as there has been absolutely no breach of UIDAI’s Aadhaar database.”
“UIDAI today has refuted reports in a certain section of media sourced from the news website ZDNet which has quoted a person purportedly claiming to be a security researcher that a state-owned utility company has vulnerability which can be used to access a huge amount of Aadhaar data including banking details,” UIDAI said in a statement.
The response from UIDAI came hours after a technology news portal, ZDNet, claimed that a system of state-owned utility firm was allegedly been used to leak private information of Aadhaar holders such as names, their unique 12-digit identity numbers, and their bank details. It also said that the security lapses, that were flagged to some government agencies, remain to be fixed.
The ZDNet report said that “a data leak on a system run by a state-owned utility company can allow anyone to download private information on all Aadhaar holders, exposing their names, their unique 12-digit identity numbers, and information about services they are connected to, such as their bank details and other private information.”
“The story is totally baseless, false & irresponsible. It purports that the database of a state Utility company containing its customer details such as bank account numbers, consumer number, Aadhaar number (not the biometrics), etc., has vulnerability,” the statement said.
In its response, the UIDAI also argued that even if the claim purported in the story were taken as true, it would raise security concerns on the database of that Utility Company. The report “has nothing to do with the security of UIDAI’s Aadhaar database,” it added.
“If one goes by the logic of ZDNet’s story, since the Utility company’s database also had bank account numbers of its customers, so would that mean that all Indian banks’ databases have been breached? The answer would obviously be in negative,” it said, adding, “Further, one must understand that the Aadhaar number, though a personal sensitive information, is not a secret number.”
The UIDAI also advised people to not to get misled by “such false and irresponsible stories being circulated in social and other media by some vested interests.”