Aadhaar data breach? India's national ID database with details of 1.2 billion citizens 'leaked'

Aadhaar data breach? India's national ID database with details of 1.2 billion citizens 'leaked'

A local Indian newspaper was able to access the private data of nearly 1.2 billion Indians for just $8.

In 2010 India started scanning personal details like names, addresses, dates of birth, mobile numbers, and more, along with all 10 fingerprints and iris scans of its 1.3 billion citizens, into a centralized government database called Aadhaar to create a voluntary identity system. On Wednesday this database was reportedly breached.

The Tribune, a local Indian newspaper, claimed that its reporters were able to purchase access to users' details via an "agent" who went by the name Anil Kumar on WhatsApp for just Rs 500 (£6, $8). Once paid, the "agent" then gave the reporters a username and password that allowed them to enter any Aadhaar number into the UIDAI website and gain access to the personal information of nearly 1.2 billion citizens enrolled in the government database

A second report, published on Thursday by the Quint, an Indian news website, revealed that anyone can create an administrator account that lets them access the Aadhaar database as long as they’re invited by an existing administrator.

Currently the world's largest biometric database in the world, Aadhaar contains the iris scans, fingerprints and personal information such as names, physical and email addresses, and photos of over 1 billion Indian citizens.

Enrolling for an Aadhaar number isn’t mandatory, but for months, India’s government has been coercing its citizens to sign up for the program by linking access to essential services like food subsidies, bank accounts, cell phone numbers, and health insurance, among other things, to Aadhaar. Critics have slammed the program for its ability to violate the privacy of Indians and for its ability to turn India into a surveillance state, but that hasn’t stopped both Indian companies and Silicon Valley giants like Uber, Airbnb, Microsoft, and Amazon from figuring out ways to integrate it with their products and services in India.

Hours after the Tribune's report was published, India’s Narendra Modi-led Bharatiya Janata Party dismissed it as “fake news.”

BuzzFeed News managed to track down the person who went by the pseudonym "Anil Kumar". The person said he had provided access to the Aadhaar database to seven other people besides the Tribune reporter for Rs 500 each. However, he said he was not aware that he was violating people's privacy when he did so.

"I paid Rs 6,000 to an anonymous person in a WhatsApp group I was a part of to create a username and password to the Aadhaar database for myself," he told BuzzFeed News. "I was told that I could then create as many usernames and passwords to access the database as I wanted. I sold each of them to make my Rs 6,000 back."

News of the alleged leak has already triggered massive criticism despite the government's insistence that the data was safe and secure.

Whistleblower Edward Snowden, who famously leaked thousands of classified documents revealing the extent of mass surveillance programmes in the US and UK, also weighed in on India's Aadhaar system.

"It is the natural tendency of government to desire perfect records of private lives. History shows that no matter the laws, the result is abuse," Snowden tweeted.