Explained: Why leaked Aadhaar details should worry an ordinary citizen

American cyber security and intelligence agency, Resecurity, noticed that the data has been put up for sale for $ 80,000, and claims that the hacker has shown some spreadsheets with pieces of Aadhar data as proof to claim legitimacy.

Hyderabad: The database of Aadhaar details is undoubtedly one of the largest databases in the world. With biometric and demographic data of a majority of Indian citizens attached to 12-digit unique identity numbers, a leak of an Aadhaar database is nothing short of a grave security shortcoming.

Despite a series of leaks in the past, the confidential and private data of crores of Indians is still consistently at risk, with hackers around the world trying to steal the data which could be worth millions of dollars. In one such incident, a hacker going by the name ‘pwn0001’ has reportedly stolen Aadhaar, Passport, Identity and Address details of 81.5 crore Indians and put it up for sale on the dark web, proving yet again how your data can help notorious criminals make a fortune.

---

American cyber security and intelligence agency, Resecurity, noticed that the data has been put up for sale for $ 80,000, and claims that the hacker has shown some spreadsheets with pieces of Aadhar data as proof to claim legitimacy.

On the other hand, irrespective of the number of complaints of stolen Aadhaar details and the reports of huge data breaches, the government of India has made it mandatory for people to be a part of the program in almost all facets of public life. The Unique Identification Authority of India (UIDAI) has constantly maintained that the server and the data, especially the biometric data is safe, despite many reports over the years proving otherwise.

There have been several instances of Aadhaar databases leaking through government website in the last few years. In what could be this year’s second instance of a huge database leak after the CoWIN leak earlier this year, the latest leak, according to several media reports could be from the official website of the Indian Council of Medical Research. With details of more than half of the Indian citizens at stake, this is easily the biggest breach of confidential and sensitive data by far.

Shockingly however, a report by the Centre for Internet and Society (CIS) has revealed that Aadhaar details along with demographic details and sensitive financial information of over 13 million people in the country has already been compromised and made available at a single click.

Response of the public on such breaches has also been rather muted for years now despite several warnings by experts on the risks posed by such leaks. One consistent response from the UIDAI, however, has been to underplay the risks pointed out by the experts by over playing the security of the biometric identification.

What exactly are the risks of database leaks?

The list of risks with compromised database is never-ending. From phishing frauds to online verification frauds, compromised databases can pose several risks to individuals who have been subjected to data theft.

Several government websites have made available the Aadhaar information of beneficiaries and the benefits of the welfare schemes they receive, with little or no security measures and with no encryption. With such confidential data easily available on government websites, details can be easily exploited and illegal sums of money can be transferred into these accounts making the beneficiaries liable to it.

Pointing at some of the many risks, cyber security expert, Anil Rachamalla of End Now Foundation, says, “with our data being made available online, we are no better than merchandise sold in malls now.”

“From phishing attacks to duplication of Aadhaar numbers to acquire bank loans, fraudsters can resort to many attacks with the now-compromised details,” Rachamalla says adding that citizens of the country are being restricted to being mere commodities with huge amounts of private data being sold.

Since Aadhaar cards have become mandatory for so many non-financial transactions in Indians’ day-to-day lives, details ranging from one’s health to his/her wealth could be easily accessed by crooks with a 12-digit unique identity number.

“One can find out your height, weight, skin colour, financial status, marital status and much more with all the details that will be linked to your Aadhaar number,” says the expert and adds target ads will be another result of the leaked data.