Soon after centre proposed Aadhaar to be mandatory identification proof, cases of Aadhaar number leaks has surfaced which throws the security of information of many Indians under question. In fact, most incidents revealed the personally identifiable information of beneficiaries or subjects of the leaked databases containing Aadhaar numbers of individuals along with other personal identification details.
Aadhaar leaks are not only irreversibly harming the privacy of an Indian but also creating opportunity for financial frauds. For example, recently in Jharkhand, personal details of over 1.6 million pensioners of which 1.4 million synced their bank accounts with their Aadhar number were available to anyone who logs into the specific government website.
According to reports released on Monday by the Centre for Internet & Society who studied four government databases, last week has seen a wave of information leak from various government departments. The first two databases belong to the rural development ministry: the National Social Assistance Programme (NSAP)’s dashboard and the National Rural Employment Guarantee Act (NREGA)’s portal.
The second two databases deal with the state of Andhra Pradesh: namely, the state government’s own NREGA portal and the online dashboard of a state government scheme called “Chandranna Bima”.
“Based on the numbers available on the websites looked at, estimated number of Aadhaar numbers leaked through these 4 portals could be around 130-135 million and the number of bank accounts numbers leaked at around 100 million from the specific portals we looked at,” the report’s authors, Amber Sinha and Srinivas Kodali, state.
The major website which was leaking 10,96,41,502 Aadhaar numbers was NREGA MIS portal. While the next one is national social pension programmer website nsap.nic.in which has 1,59,42,083 Aadhaar numbers.
“While availability of aggregate information on the dashboard may play a role in making government functioning more transparent, the fact that granular details about individuals including sensitive PII such as Aadhaar number, caste, religion, address, photographs and financial information are only a few clicks away suggest how poorly conceived these initiatives are,” the report added.
“It is entirely unclear to us what the purpose behind making available a data download option on the NSAP website is. This feature allows download of beneficiary details mentioned above such as Beneficiary No., Name, Father’s/Husband’s Name, Age, Gender, Bank or Post Office Account No. for beneficiaries receiving disbursement via bank transfer and Aadhaar Numbers for each area, district and state,” the report states.