The State Bank of India has alleged that the login and biometric details of several Aadhaar operators, who were penalised last year, have been misused to generate unauthorised Aadhaar cards, The Times of India reported on Tuesday. The Unique Identification Authority of India has, however, refuted the claim calling the Aadhaar database “fully secured”.

FIA Technology Services Private Limited and Sanjivini Consultants Private Limited were assigned as vendors to SBI in Chandigarh region to reach its Aadhaar enrolment target. The Chandigarh region includes Haryana, Punjab, Himachal Pradesh, Jammu and Kashmir, besides the Union Territory of Chandigarh itself.

However, nearly half of the Aadhaar operators associated with these agencies were penalised, and were either deactivated or blacklisted. This move, officials said, had caused the bank to fail to meet targets and face penalties.

Vikram, one of those penalised from Uchana village in Haryana’s Jind district, was reportedly fined more than Rs 33 lakh for allegedly using his operator ID to generate Aadhaar cards using fraudulent documents between November 9 and November 17 last year, the newspaper reported, citing the UIDAI. Vikram had allegedly created several Aadhaar cards using “multiple station IDs” in his name, which allow Aadhaar cards to be made from multiple devices.

Almost all penalised operators were cleared by the UIDAI and allowed to get back to work, except Vikram.

Officials of SBI’s Chandigarh branch pointed out that as registrar, only the bank could have approved multiple station IDs, but they had not done so. In a letter to their corporate office in Mumbai, the bank officials said there must have been a loophole in UIDAI’s security system that allowed the discrepancy.

“The authority should be more transparent with us and let us know how this is happening,” SBI Deputy General Manager B Rajendra Kumar told The Times of India. “They should also guide us on the issue and, above all, make their database more secure.”

UIDAI refuted the allegations. “Aadhaar database is fully secured and no security breach, biometric or otherwise, has taken place,” it told the newspaper. The authority added that an inquiry in the case was under way.

UIDAI said it had introduced an additional step in the registration of Aadhaar operators as a security measure. It also said it has a system in place to detect attempts to register multiple machines and action is taken on a daily basis on operators who misuse the system. “UIDAI imposes financial disincentives and blacklists errant operators,” the authority said in a statement to The Times of India. “However, it relooks into the issue if someone is wrongly penalised.”