The Unique Identification Authority of India (UIDAI) has issued a statement saying there has been no breach to UIDAI database of Aadhaar and personal data of individuals held by UIDAI is fully safe and secure. The Aadhaar based authentication is robust and secure. The system has the capability to inquire into any instance of misuse of biometrics and identity theft and initiate action. The authority says it uses one of the world’s most advanced encryption technologies in transmission and storage of data. There is has been no report of breach or leak of Aadhaar data in the last seven years.

Admitting to an incident of misuse of Aadhaar biometrics, the UIDAI said it’s an isolated case. An employee working with a bank’s Business Correspondent’s company made an attempt to misuse his own biometrics data. Which was then detected by UIDAI internal security system and subsequently actions under the Aadhaar Act have been initiated.

With regard to misinformation in some news items and articles appearing in various print and social media during the last few days alleging breach of Aadhaar data, misuse of biometrics, breach of privacy, and creation of parallel databases etc., UIDAI said that it has carefully gone into these reports and would like to emphasise that there has been no breach to UIDAI database of Aadhaar in any manner whatsoever and personal data of individuals held by UIDAI is fully safe and secure” the Electronics and IT Ministry (MeitY) said in a statement.

UIDAI finds data breach in Aadhaar system - Multiple transactions via same Fingerprint

Other important highlights from the statement

  • No misuse of Aadhaar biometrics data leading to identity theft or financial loss.
  • UIDAI is continuously updating its security parameters, undertakes security audits and takes necessary steps to augment its security features.
  • Further enhancing security, only registered devices will be used to capture biometrics data. This data will also be encrypted at the point of capture itself.
  • E-KYC APIs are available only to authorized Authentication User Agencies (AUAs) and e-KYC User agencies (KUAs) through authorized Authentication Service agencies (ASAs) which have established secure network connectivity for the purpose of authentication with the Central Identities Data Repository (CIDR), in compliance with the Regulations, specifications, standards and technology architecture as prescribed by UIDAI.
  • Any unauthorised capture of IRIS or fingerprints or storage or replay of biometrics or their misuse is a criminal offence under the Aadhaar Act.
  • The E-KYC data will be given by UIDAI to authorised agencies only after they obtain the consent of their customers. This data can be used only for the purpose for which it was obtained. For example, a telecom operator can obtain the E-KYC data of its subscribers and keep them in their records without biometrics. The operator can then use the data only for the purpose of proving telecom services.
  • Aadhaar has been used by more than 4.47 crore people to open bank accounts through Aadhaar E-KYC.
  • The government has already saved over Rs 49,000 Crore through Aadhaar based Direct Benefit Transfers.
|