Aadhaar breach reports are misleading: UIDAI to court

The Unique Identification Authority of India (UIDAI) informed the Delhi high court on Thursday that its database — Central Identity Data Repository (CIDR) — had not been breached as existing security controls and protocols were “robust and capable of countering any such attempts or malicious designs of data breach or hacking”.

In an affidavit filed before a bench of Justice S Ravindra Bhat and Justice Prateek Jalan, the UIDAI said all reports of data breaches were misleading and false.

“... the data is fully secured/encrypted at all times i.e., at rest, in transit and in storage. For further strengthening of security and privacy of data, security audits are conducted on regular basis, and all possible steps are taken to make the data safer and protected...,” it said.

“... UIDAI has taken fool-proof measures to ensure end-to-end security of resident data, spanning from full encryption of resident data at the time of capture, tamper resistance, physical security, access control, network security, stringent audit mechanism, 24/7 monitoring and measures such as data partitioning and data encryption with UIDAI controlled data centres,” the affidavit added. The reply comes on a plea by Kerala-based lawyer Shamnad Basheer who has alleged that there were several breaches of the Aadhaar system leading to leakage of personal information of individuals since January 2018. The plea contended that UIDAI and the Centre were liable to compensate people whose data were compromised.

“Security of Aadhaar is of critical importance and is given paramount significance... UIDAI constantly strengthens and reviews its infrastructure and ecosystems in line with the best international security practices and technological standards...,” it said.

First Published: Feb 14, 2019 23:48 IST