Data leak on system run by a state-owned utility could potentially expose the names, unique 12-digit ID numbers, and bank details of cardholders
An Aadhar card.
New Delhi: India’s biometric ID programme, Aadhaar, has been hit by another major security lapse that has exposed access to private information, business technology news website ZDNet reported on Saturday.
A data leak on a system run by a state-owned utility can compromise the private information of Aadhaar holders, exposing their names, their unique 12-digit identity numbers, and their bank details, ZDNet said.
Even though the security lapse had been flagged and reported to some government agencies over a period of time, it has yet to be fixed. ZDNet said it was withholding the name of the utility and other details.
Karan Saini, a New Delhi-based security researcher, said that anyone with an Aadhaar number was affected.
“This is a security lapse. You don’t have to be a consumer to access these details. You just need the Uniform Resource Locator where the Application Programming Interface is located.
These can be found in less than 20 minutes,” Saini told Reuters.
Vikas Shukla, spokesman for the Unique Identification Authority of India (UIDAI), which runs the Aadhaar programme, said the agency would issue a statement later on Saturday.
Aadhaar, a biometric identification card with over 1.1 billion users, is the world’s biggest database.
But it has been facing increased scrutiny over privacy concerns following several instances of breaches and misuse.
Last Thursday, the CEO of the UIDAI said the biometric data attached to each Aadhaar was safe from hacking as the storage facility was not connected to the internet.
“Each Aadhaar biometric is encrypted by a 2,048-key combination and to decode it, the best and fastest computer of our era will take the age of the universe just to hack into one card’s biometric details,” Ajay Bhushan Pandey said.