The Unique Identification Authority of India on Saturday dismissed reports that a New Delhi-based security researcher had discovered a data leak on a state-owned utility company’s system, that can allow anyone to download private information of all Aadhaar holders.
“There is no truth in this story as there has been absolutely no breach of UIDAI’s Aadhaar database,” the authority said in a tweet. “Aadhaar remains safe and secure.”
The UIDAI said the claims made by the ZDNet report were “false, baseless and irresponsible”. The identification authority said that even if the claims of vulnerability of the company’s data were true, it would only implicate the firm, not the Aadhaar database.
“If one goes by the logic of ZDNet’s story, since the utility company’s database also had bank account numbers of its customers, so would that mean that all Indian banks’ databases have been breached?” the UIDAI asked. “The answer would obviously be negative.”
The agency reiterated that there is no security threat to an Aadhaar holder if the identity card’s number is in the possession of another person. The UIDAI said this is because the fingerprint, iris scan or a One Time Password is required to authenticate transactions.