A French security researcher claimed on Sunday that he had found details of 20,000 Aadhaar cards in the public domain in a three-hour span. The Twitter user, who goes by the name Elliot Alderson, has reported security flaws in various Indian government websites over the past few months, including some that were fixed after he reported them.
Hours after his tweets on Sunday, the Unique Identification Authority of India, which operates the biometric identity system, reiterated that Aadhaar “remains safe and secure”. “There has not been a single breach from its biometric database during the last eight years of its existence,” the Aadhaar authority claimed.
The UIDAI dismissed the reports about the security breach as “irresponsible” and “far from the truth”. Calling Aadhaar the “most trusted ID”, the UIDAI said it was an identity document that should be shared openly with others when needed, and not to be treated as confidential.
“If anybody unauthorisedly publishes someone’s personal information such as Aadhaar card, passport, mobile number, bank account number, his photograph, he can be sued for civil damages by the person whose privacy right is infringed,” the Aadhaar authority said.
The researcher had on March 4 claimed to have got access to a private database of Bharat Sanchar Nigam Limited, containing details of more than 47,000 employees. Soon after he reported this, the telecom company fixed the problem. India Post also resolved a security issue last week after it was reported by Baptiste.