Is the Aadhaar biometric system safe? Is it protected from unauthorised use, and from the eyes of the NSA and other government spies? The latest report of a data breach in the Aadhaar system raises many questions about the security of our personal biometric data.
The Unique Identification Authority of India (UIDAI) has found a data breach in the ultra-secure Aadhaar system. According to a report by Livemint, multiple transactions were done using the same biometric fingerprint. This would not be possible unless the biometric data were being stored and used illegally, without authorisation.
Once UIDAI found the data breach, the authority filed a criminal complaint against three organisations. The organisations under the scanner are Axis Bank Ltd, business correspondent Suvidhaa Infoserve and e-sign provider eMudhra. These three organisations are now being probed for attempting unauthorised authentication and impersonation by illegally storing Aadhaar biometric data.
UIDAI detected the data breach when it found that one individual had performed 397 Aadhaar-authenticated biometric transactions between July 14, 2016, and February 19, 2017. Of these transactions, 194 were performed through Axis Bank, 112 through eMudhra and 91 through Suvidhaa Infoserve. That means multiple transactions were done using the same biometric data by different organisations, which indicates illegal storage of Aadhaar data and unauthorised authentication. This is a criminal offence under the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act.
Now these three organisations have come forward to clear their names. An Axis Bank spokesperson told Livemint that “a developer from Suvidhaa carried out four live Aadhaar-based authentications even when the testing phase for them was going on”. Suvidhaa Infoserve CEO Paresh Rajde commented, “The testing was done by our in-house team but there has been no financial loss as of now. We will submit our report to UIDAI on Monday”. eMudhra completely denied storing any biometric data. According to UIDAI, even testing is not permissible under the Aadhaar law. If anyone needs to conduct such a test, UIDAI must be informed and its approval obtained.
For reassurance until the probe ends: Aadhaar information is secured with 2048-bit encryption, a very high level of encryption. On every transaction where an Aadhaar authentication request is made to UIDAI, an SMS or email alert is sent instantly to the Aadhaar user. This allows you to promptly raise an issue with the bank or UIDAI in case you find an unauthorised transaction. UIDAI also plans to further strengthen its system by bringing in more safety features.