'Absolutely No Breach Of Aadhaar Database': Read UIDAI's Full Statement On Report Of Data Leak

Aadhaar number is a 12-digit random number issued by UIDAI to the residents of India after satisfying the verification process.

Tech, Media & Telecom | | Updated: March 25, 2018 14:01 IST
'Absolutely No Breach Of Aadhaar Database': Read UIDAI's Full Statement On Report Of Data Leak

The story is totally baseless, false and irresponsible, said UIDAI on report of Aadhaar data leak.

Availability of Aadhaar number with a third person will not be a security threat to the Aadhaar holder, said Unique Identification Authority of India (UIDAI) in a tweet posted on its official twitter handle- @UIDAI. This clarification came after a report by business technology news website ZDNet said that a data leak on a system run by a state-owned utility company can allow access to private information of Aadhaar holders, exposing their names, their unique 12-digit identity numbers, and their bank details, according to news agency Reuters. Aadhaar number is a 12-digit random number issued by UIDAI to the residents of India after satisfying the verification process, mentioned UIDAI on its official website-uidai.gov.in.Here's the full statement of UIDAI on report of data leak as mentioned on its official twitter handle:

We refute the reports in a certain section of media sourced from ZDNet which quote a person purportedly claiming to be a security researcher that a state-owned utility company has vulnerability which can be used to access huge amount of Aadhaar data including banking details. We advise people not to get misled by such false and irresponsible stories being circulated in social and other media by some vested interests.

There is no truth in this story as there has been absolutely no breach of UIDAI's Aadhaar database. Aadhaar remains safe and secure. Mere availability of Aadhaar number with a third person will not be a security threat to the Aadhaar holder or will not lead to financial/other fraud, as for any transaction, a successful authentication through fingerprint, Iris or OTP of the Aadhaar holder is required, noted UIDAI.

One must understand that the Aadhaar number, though a personal sensitive information, is not a secret number. If one goes by the logic of ZDNet's story, since the Utility company's database also had bank account numbers of its customers, so would that mean that all Indian banks' databases have been breached? The answer would obviously be in negative.

Comments
Even if the claim purported in the story were taken as true, it would raise security concerns on database of that Utility Company and has nothing to do with security of UIDAI's Aadhaar database.

The story is totally baseless, false and irresponsible. It purports that the database of a state Utility company containing its customer details such as bank account numbers, consumer number, Aadhaar number (not the biometrics), etc., has vulnerability.