Senior Delhi Police officials on Monday said they are investigating the involvement of Unique Identification Authority of India insiders after the Aadhaar details of more than one billion residents were allegedly leaked. The alleged data leak was exposed by a news report in The Tribune on January 4.

The Delhi Police had filed a First Information Report in the case on January 5. The FIR does not name any individual as a suspect, though the UIDAI had mentioned The Tribune, the reporter who wrote the article, two individuals named in the article, and other unknown persons collectively in their complaint to the Crime Branch of the Delhi Police.

“From what we have understood so far, the leak has happened through the grievance redressal system which only officials in the authority [UIDAI] have access to,” said a senior official in Delhi Police’s Crime Branch. “Outsiders were not supposed to have access to the system. So, prima facie there has to be some insider’s role which is being probed.”

Officials in the Crime Branch said that the Delhi Police have asked the UIDAI to provide them with more details at the earliest, after which they can investigate further. “Once the origin of the leak is addressed, it won’t be difficult to track down individuals who have gained unauthorised access to the system,” another official said.

Hours after The Tribune report was published, the UIDAI had said in a statement that access to the search facility for the purpose of grievance redressal was given only to designated personnel and state government officials to help residents. It added that the reported case appeared to be an instance of misuse of the grievance redressal search facility.

In the news report, the additional director general of the regional UIDAI centre in Chandigarh, too, was quoted as saying that except the director general and him, no third person in Punjab is supposed to have access to the system.

However, attributing facts to an independent investigation, the newspaper had said that such rackets were apparently products of Whatsapp groups that offered access to the system to more than three lakh Village-Level Enterprise operators, hired by the Ministry of Electronics and Information Technology under the Common Service Centres Scheme across India.

The Tribune’s report further alleged that the CSCS operators, who were initially entrusted with the task of making Aadhaar cards across India, were rendered jobless after the service was restricted to post offices and designated banks in November 2017, in order to avoid any security breach. Now, many of the operators are suspected to have gained illegal access to UIDAI data while providing Aadhaar services to common people for a charge, including the printing of Aadhaar cards.