Aadhar data of 100 crore Indians compromised? UIDAI clarifies
Recently, there was a report that the Unique Identification Authority of India (UIDAI)'s Aadhar data has been rendered totally vulnerable. The report claimed that biometrics and even personal information of over 100 crore citizens of India has been compromised by a software patch that "disables critical security features of the software used to enroll new Aadhaar users." This report has raised alarm.
In this regard, UIDAI has issued a detailed clarification. "UIDAI hereby dismisses a news report appearing in social and online media about Aadhaar Enrolment Software being allegedly hacked as completely incorrect and irresponsible. Claims made in the report about Aadhaar being vulnerable to tampering leading to ghost entries in Aadhaar database by purportedly bypassing operators’ biometric authentication to generate multiple Aadhaar cards is totally baseless," the authority said in a statement.
"All necessary safeguard measures are taken spanning from providing standardized software that encrypts entire data even before saving to any disk, protecting data using tamper proofing, identifying every one of the operators in “every” enrolment identifying every one of thousands of machines using a unique machine registration process, which ensures every encrypted packet is tracked," it noted.
"Full measures are taken to ensure end-to-end security of resident data, spanning from full encryption of resident data at the time of capture, tamper resistance, physical security, access control, network security, stringent audit mechanism....24x7 security and fraud management system monitoring, and measures such as data partitioning and data encryption within UIDAI controlled data centres," UIDAI added.
But what if some operator is compromised? "No operator can make or update Aadhaar unless resident himself give his biometric. Also, the concerned enrolment machines and the operators are identified, blocked and blacklisted permanently from the UIDAI system. Police complaints are also filed for such fraudulent attempts," the statement clarified.