Aadhaar security lapse could allow major chunk of information to be stolen, says data security expert
“The UIDAI’s response, when we approached them a month ahead of the story, notifying them of the vulnerable endpoint, was to do nothing.” By Alison Saldanah For the second time in the first three months of 2018, the vulnerabilities of the Aadhaar programme — the world’s largest biometric database — were exposed when American business technology website ZDNet reported on 23 March 23, 2018, that the personal data of millions of enrolled Indians could be accessed through unsecure websites and mobile apps of third-party agencies that use the identification system for authenticating transactions. One night in mid-February 2018, in 30 minutes, data security expert Karan Saini, who identifies as a “white-hat” hacker, found the vulnerable point in the Aadhaar database through Indane, a commercial distributor of liquefied petroleum gas, owned by Indian Oil, a public-sector company. With banks and third parties using the programme for identity verification, Aadhaar data remains partially compromised because it might be shared with parties who do not take data security issues seriously. Right now, in not demanding and enforcing stricter data protection measures, neither the third parties with access to Aadhaar data nor the UIDAI are taking responsibility for significant security issues and concerns.
PM-Kisan website found leaking Aadhaar data of over 110 million Indian farmers
Stolen Aadhaar data may have been used to remove voters from electoral roll: Report
Discover Related
Quicksplained: All you need to know about new Aadhar app with face ID, QR code features
Govt launches new Aadhaar App with Face ID authentication, stronger privacy features — Details here
New Aadhaar app with facial authentication launched in testing phase
New Aadhaar app launched with eye on stronger privacy. All you need to know
Government employee placed under ‘digital arrest’ loses ₹8.5 lakh
IFF Warns Aadhaar-Voter ID Linking Could Threaten India’s Democratic Process
CEC calls top officials’ meeting over linking Aadhaar, voter ID
Security gaps in ICMR system as per Cert-In, reveals House panel report
Aadhaar Pay transactions soar 66% during Mahakumbha in Prayagraj: Report
Portal unveiled to help private entities apply for Aadhaar authentication
Aadhaar-PAn link not infringement of fundamental rights: Orissa high court
We finally have clarity on the role of consent managers under India’s privacy law
Karnataka High Court Allows ED To Access Aadhar Database For Probing Case Under PMLA
Data protection rules and Act, a net negative for privacy rights
Punjab govt’s anti-drug drive sparks data privacy concerns
Private companies can use Aadhaar infrastructure for identity checks again
Centre Allows Private Entities To Use Aadhaar For Authentication, Notifies Aadhaar Amendment Rules
Private entities can now use Aadhaar authentication
UIDAI notifies rules for private entities to perform Aadhaar authentication
Smartphone safety tips: 5 ways to prevent online fraud, data theft
Here are the big stories from Karnataka today
New Digital Rules Let You Wipe All Your Details Online
Ensure 100% Aadhaar enrolment of children: Punjab chief secretary
India's 'digital arrest' scammers stealing savings