Database completely secure, breach one-off: UIDAI
NEW DELHI: The Unique Identification Authority of India (UIDAI) on Sunday said biometrics of individuals are completely secure, allaying such fears after some reports pointed to possible breach of biometric security of the Aadhaar database last week.
The authority said the reported breach was a one-off incident.
“It is an isolated case of an employee working with a bank’s business correspondent’s company, making an attempt to misuse his own biometrics, which was detected by UIDAI internal security system and subsequently actions under the Aadhaar Act have been initiated,” it said in a release on Sunday
After the authority discovered that one individual had performed 397 biometric transactions between July 14, 2016 and February 19, 2017, it started investigating the matter
UIDAI filed a police complaint on February 15 against Axis Bank, business correspondent Suvidhaa Infoserve and esign provider eMudhra for attempted unauthorised authentication and impersonation by illegally storing Aadhaar biometric data.
In its statement, UIDAI said the Aadhaar Act strictly regulate on-boarding and functioning, including data sharing restrictions imposed on companies that want to use Aadhaar information, and said there are stringent provisions in the Aadhaar (Authentication) Regulations governing the usage of eKYC data, including storage and sharing, resident consent being paramount in both the cases.
“Any unauthorised capture of iris or fingerprints or storage or replay of biometrics or their misuse is a criminal offence under the Aadhaar Act,” it said. “UIDAI uses one of world’s most advanced encryption technologies in transmission and storage of data. As a result, during the last seven years, there has been no report of breach or leak of residents’ data out of UIDAI,” the statement claimed.
The alleged breach of security of the Aadhaar database assumes importance given the massive linkages with various welfare and government projects under the Narendra Modi government.
Aadhaar is also pitched to play a big role in digital payments with the expected launch of biometricenabled payment system called Aadhaar Pay.
Last month, UIDAI had cracked down on unauthorised agencies offering Aadhaar-related services illegally and charging excessive money from the public. It got 12 such websites and 12 mobile applications available on the Google Play store shut down. It has also directed authorities for closure of another 26 fraudulent and illegal websites and mobile apps.
Some websites and mobile apps were luring citizens to share their basic information and Aadhaar number under the pretext of getting them Aadhaar card or offering other Aadhaar-related services
“We have taken strict action against them,” UIDAI chief executive Ajay Bhushan Pandey had said.
The authority said the reported breach was a one-off incident.
“It is an isolated case of an employee working with a bank’s business correspondent’s company, making an attempt to misuse his own biometrics, which was detected by UIDAI internal security system and subsequently actions under the Aadhaar Act have been initiated,” it said in a release on Sunday
After the authority discovered that one individual had performed 397 biometric transactions between July 14, 2016 and February 19, 2017, it started investigating the matter
UIDAI filed a police complaint on February 15 against Axis Bank, business correspondent Suvidhaa Infoserve and esign provider eMudhra for attempted unauthorised authentication and impersonation by illegally storing Aadhaar biometric data.
In its statement, UIDAI said the Aadhaar Act strictly regulate on-boarding and functioning, including data sharing restrictions imposed on companies that want to use Aadhaar information, and said there are stringent provisions in the Aadhaar (Authentication) Regulations governing the usage of eKYC data, including storage and sharing, resident consent being paramount in both the cases.
“Any unauthorised capture of iris or fingerprints or storage or replay of biometrics or their misuse is a criminal offence under the Aadhaar Act,” it said. “UIDAI uses one of world’s most advanced encryption technologies in transmission and storage of data. As a result, during the last seven years, there has been no report of breach or leak of residents’ data out of UIDAI,” the statement claimed.
The alleged breach of security of the Aadhaar database assumes importance given the massive linkages with various welfare and government projects under the Narendra Modi government.
Aadhaar is also pitched to play a big role in digital payments with the expected launch of biometricenabled payment system called Aadhaar Pay.
Last month, UIDAI had cracked down on unauthorised agencies offering Aadhaar-related services illegally and charging excessive money from the public. It got 12 such websites and 12 mobile applications available on the Google Play store shut down. It has also directed authorities for closure of another 26 fraudulent and illegal websites and mobile apps.
Some websites and mobile apps were luring citizens to share their basic information and Aadhaar number under the pretext of getting them Aadhaar card or offering other Aadhaar-related services
“We have taken strict action against them,” UIDAI chief executive Ajay Bhushan Pandey had said.
