20k Aadhaar cards available online, says expert; UIDAI dismisses security concerns

20k Aadhaar cards available online, says expert; UIDAI dismisses security concerns

French security researcher Baptiste Robert, who recently exposed vulnerabilities in TSPost disbursement portal and BSNL database, has now claimed that he found 20,000 Aadhaar cards in pdf and jpeg formats available on websites of both government and non-government agencies across India.

The Unique Identification Authority of India (UIDAI) has, however, dismissed his claims, stating that allegations of a fragile security system were irresponsible, just because unscrupulous elements put up some Aadhaar cards on the Net.

Robert, who blacked out details while posting samples, said, “I found more than 20,000 Aadhaar cards after a manual search in less than three hours. All cards are in public domain. No hacking is needed. It’s open to everybody.”

Another anonymous hacker claiming to be based in New York and using the handle ‘trollyacharya’ tweeted pictures on Sunday. “After a simple search query, I found an Aadhaar card dump of Andhra Pradesh government. Maharashtra government has also put up these key details. UP too has joined the race. They have uploaded Aadhaar, PAN cards and passports.”

UIDAI has replied to a TOI email query, stating — Publication of Aadhaar cards by some people have no bearing on UIDAI and not the least on Aadhaar security. Aadhaar as an identity document by its very nature needs to be shared openly with others as and when required and asked for. Aadhaar just like any other identity document, therefore, is never to be treated as a confidential document.

Although Aadhaar has to be shared with others, it being personal information like mobile number, bank account number, PAN card, passport and family details should be ordinarily protected to ensure privacy of the person. If anybody publishes someone’s personal information like Aadhaar card, passport, mobile number, bank account number, he can be sued for civil damages by the person whose privacy right is infringed upon. In no way, it threatens or impacts the security of the system which has issu …..Read More>>