A research report by The Centre for Internet & Society (CIS) has shed light on leakage of personal Aadhaar numbers of millions of Indian citizens by four government portals. These government portals have given public access to Aadhaar details of almost 135 million Indians online, for everyone to see and potentially misuse, as per the report.
The four government portals include the National Social Assistance Program, the National Rural Employment Guarantee Act (NREGA) by the Ministry of Rural Development, the Daily Online Payment Reports under NREGA, and the Chandranna Bima Scheme by the Government of Andhra Pradesh. These websites allow public access to Aadhaar and financial information such as bank account details of affected users.
"While initiatives such as the government open data portals may be laudable for providing easy access to government data condensed for easy digestion, however in the absence of 3 proper controls exercised by the government departments populating the databases which inform the data on the dashboards, the results can be disastrous by divulging sensitive and adversely actionable information about the individuals who are responding units of such databases. Thus, while availability of aggregate information on the Dashboard may play a role in making government functioning more transparent, the fact that granular details about individuals including sensitive PII such as Aadhaar number, caste, religion, address, photographs and financial information are only a few clicks away suggest how poorly conceived these initiatives are," the research paper notes.
As per the report, the National Social Assistance Program website is home to sensitive information of pensioners. Details like job card number, bank account number, Aadhaar number, and account frozen status can be accessed by anyone with login credentials. The National Rural Employment Guarantee Scheme has Aadhaar numbers, job card numbers, bank account details, registration numbers, and more information on workers listed on the site, and all of this information is available publicly. Similarly, the Chandranna Bima Scheme and the Daily Online Payment Reports portals make available Aadhaar numbers, mobile numbers, bank details, and more of all listed Indian citizens.
If true, the public disclosure of Aadhaar details is a serious misstep by UIDAI and the government, and it needs to prioritise privacy and safety measures on the Web, when hacking and unethical practices are on a massive rise. The report also blames the UIDAI for not being thorough in ensuring safety of Aadhaar credentials. While 135 million Aadhaar numbers have been made public, there are almost 100 million bank account details that have also been divulged by these sites.