TNN | Mar 25, 2018, 03:00 IST
HIGHLIGHTS
- UIDAI dismissed the ZDNet claims as “baseless and irresponsible”, asserting that Aadhaar details “remain safe and secure”
- The ZDNet report said that the API used by the utility to access the Aadhaar database isn’t secured
- UIDAI statement said that Aadhaar number, “though a personal sensitive information”, is not a secret number
NEW DELHI: A report in American tech website ZDNet has claimed a breach in the firewall of an unnamed state-owned utility that uses Aadhaar for authenticating users of its services. The Unique Identification Authority of India (UIDAI) dismissed the ZDNet claims as “baseless and irresponsible”, asserting that Aadhaar details “remain safe and secure”. “There is no truth in the story as there has been absolutely no breach of UIDAI’s Aadhar database,” it said.
The ZDNet report said that the API used by the utility to access the Aadhaar database isn’t secured. "It’s possible to retrieve private data on each Aadhaar holder, regardless of whether they’re a customer of the utility provider or not,” the report on ZDNet said. The report, however, adds that the breach does not allow access to biometric details (information shared with UIDAI at the time of applying for Aadhaar) of individuals.
UIDAI said that the story is “totally baseless, false and irresponsible,” adding that “even if the claim purported in the story were taken as true, it would raise security concerns on database of that utility company and has nothing to do with security of UIDAI’s Aadhaar’s database.” It said it is contemplating legal action. The ZDNet.com report said, “a data leak on a system run by a state-owned utility company can allow anyone to download private information on all Aadhaar holders, exposing their names, their unique 12-digit identity numbers, and information about services they are connected to, such as their bank details and other private information.”
TOP COMMENT
Aadhar do have practical problem that government should admit. Recently I tried to link my irctc with Aadhar. I got message that credentials are not tallying . Then I made necessary change in my irctc account like address . I got message from irctc that changes were successfully carried out . After few days I tried to link irctc with Aadhar . Same message from irctc that credentials are not matching. Biometric problem is another major issue govt should address before vigorously implement the case. I am sure that BJP is going to loose some vote from people affected due to Aadhar, cow vigilante ( of farmers having aged cow ) cases etc
achan kunju
It claims to be withholding the name of the utility over hacking concerns. “Yet the Indian authorities have done nothing to fix the flaw,” the report said, adding that they have been in touch with the Indian Consulate in New York as well as other officials for the past one month, but there has been no response. “… the affected system is still online and vulnerable. For that reason, we’re withholding specific details about the vulnerability until it’s fixed,” ZDNet claimed.
UIDAI statement said that Aadhaar number, “though a personal sensitive information”, is not a secret number. “Mere availability of Aadhaar number with a third person will not be a security threat to the Aadhaar holder or will not lead to financial/other fraud, as for any transaction, a successful authentication through fingerprint, Iris or OTP of the Aadhaar holder is required.” ZDNet claims, that data, on the face of it, “may not be seen as sensitive as leaked or exposed biometric data, but it nevertheless contradicts the Indian government’s claims that the database is secure.”