Even as India moves ahead in its digital India sojourn, security practices remain a major area to look at. An incident in Jharkhand again seems to have raised some serious questions of Aadhaar’s data-breach vulnerabilities.
Due to a programming error in the Aadhaar website maintained by the Jharkhand Directorate of Social Security, Aadhaar data of more than 1.4 million citizens has leaked. The leaked details include names, Aadhaar numbers, addresses, and bank account details of the beneficiaries of the Jharkhand’s old-age pension scheme.
The Aadhaar Act prohibits public display of an individual’s Aadhaar details. The Unique Identification Authority of India (UIDAI) office in Ranchi called up the office of the Department of Women and Child & Social Security to inform them of the glitch.
“We got a call from the UID cell telling us that the Aadhaar numbers of pension beneficiaries were being displayed on the website. We are aware of the seriousness (of the matter) and we will try to find out how and from where this mistake happened,” Director (Social Security) Ram Parvesh was quoted as saying by The Indian Express.
In Jharkhand, for instance, cyber security experts had long warned that many websites maintained by the state government were insecure.
“We had demonstrated these vulnerabilities to the state government in December,” said Vineet Kumar, a former member of Jharkhand police’s cyber cell, who has since set up the Cyber Peace Foundation, an NGO.
While it’s unclear since when the details were made public, the website has now blocked the access to the data.
“Jharkhand-type leaks could happen anywhere,” said an official who works closely with the Ministry of Rural Development, “In many states, each department has its own IT vendors who build the software that stores this information. There is no common security standard across states and departments.”