UIDAI says report of Aadhaar data-leak on state-run company’s system is ‘false, irresponsible’
The identification authority said even if the news was true, it would raise doubts only about the security of the utility firm’s data.
The Unique Identification Authority of India on Saturday dismissed reports that a New Delhi-based security researcher had discovered a data leak on a state-owned utility company’s system, that can allow anyone to download private information of all Aadhaar holders.
“There is no truth in this story as there has been absolutely no breach of UIDAI’s Aadhaar database,” the authority said in a tweet. “Aadhaar remains safe and secure.”
There is no truth in this story as there has been absolutely no breach of UIDAI’s Aadhaar database. Aadhaar remains safe and secure. 2/8
— Aadhaar (@UIDAI) March 24, 2018
The UIDAI said the claims made by the ZDNet report were “false, baseless and irresponsible”. The identification authority said that even if the claims of vulnerability of the company’s data were true, it would only implicate the firm, not the Aadhaar database.
“If one goes by the logic of ZDNet’s story, since the utility company’s database also had bank account numbers of its customers, so would that mean that all Indian banks’ databases have been breached?” the UIDAI asked. “The answer would obviously be negative.”
Even if the claim purported in the story were taken as true, it would raise security concerns on database of that Utility Company and has nothing to do with security of UIDAI’s Aadhaar database. 4/8
— Aadhaar (@UIDAI) March 24, 2018
The agency reiterated that there is no security threat to an Aadhaar holder if the identity card’s number is in the possession of another person. The UIDAI said this is because the fingerprint, iris scan or a One Time Password is required to authenticate transactions.
