NEW DELHI: A report in American tech website ZDNet has claimed a breach in the firewall of an unnamed state-owned utility that uses Aadhaar for authenticating users of its services. The Unique Identification Authority of India (UIDAI) dismissed the ZDNet claims as “baseless and irresponsible”, asserting that Aadhaar details “remain safe and secure”. “There is no truth in the story as there has been absolutely no breach of UIDAI’s Aadhar database,” it said.
UIDAI said that the story is “totally baseless, false and irresponsible,” adding that “even if the claim purported in the story were taken as true, it would raise security concerns on database of that utility company and has nothing to do with security of UIDAI’s Aadhaar’s database.” It said it is contemplating legal action. The ZDNet.com report said, “A data leak on a system run by a state-owned utility company can allow anyone to download private information on all Aadhaar holders, exposing their names, their unique 12-digit identity numbers, and information about services they are connected to, such as their bank details and other private information.”
It claims to be withholding the name of the utility over hacking concerns. “Yet the Indian authorities have done nothing to fix the flaw,” the report said, adding that they have been in touch with the Indian Consulate in New York as well as other officials for the past one month, but there has been no response. “… the affected system is still online and vulnerable. For that reason, we’re withholding specific details about the vulnerability until it’s fixed,” ZDNet claimed.
UIDAI statement said that Aadhaar number, “though a personal sensitive information”, is not a secret number. “Mere availability of Aadhaar number with a third person will not be a security threat to the Aadhaar holder or will not lead to financial/other fraud, as for any transaction, a successful authentication through fingerprint, Iris or OTP of the Aadhaar holder is required.” ZDNet claims, that data, on the face of it, “may not be seen as sensitive as leaked or exposed biometric data, but it nevertheless contradicts the Indian government’s claims that the database is secure.”