A large breach in the Aadhaar card system has recently come to light. The breach made all the details of Aadhaar card users accessible to anyone willing to pay just 500 Indian rupees. The widespread breach was publicly exposed by Tribune India in its Jan 4th issue. A reporter from Tribune is said to have been provided, from a secret WhatsApp group and after paying just 500 Indian rupees, a platform that enables access to all the Aadhaar card data. On the platform, one could enter any Aadhaar number to get all the private information connected to it. The reporter then paid another 300 rupees to have software that could print Aadhaar cards installed on her computer. Tribune claims that the breach could have started around six months ago and could have spread to a million illegitimate users. The group seems to have targeted Common Service Centres Scheme (CSCS) operators, who had previously been assigned the task of making Aadhaar cards all across India.
This issue displays the gross negligence of the related authorities, as such a widespread breach was operational for as long as six months. After a previous data leakage, the authorities said that “Aadhaar data is fully safe and secure and there has been no data leak or breach at UIDAI.” But this claim has been proven false, as such a huge data breach exposing data of 1 million users has come into the limelight. What makes this breach more severe, and displays incompetence, is that not only has the breach been going on for six months, but the access was also traded publicly using social media apps. How could the authorities not have noticed this? The official Twitter handle for UIDAI, the authority that distributes and maintains the Aadhaar card, has posted a tweet denying the breach. It tweets, “There has not been any data breach of biometric database which remains fully safe & secure with highest encryption at UIDAI and mere display of demographic info cannot be misused without biometrics”. While we can infer that it says that there has been no breach of data, most of it is incomprehensible and we can only guess its meaning.
While we are talking about public data leakage from government sources, how likely is Nepal to face a similar fate to its neighbor? Nepal has in recent history begun storing huge troves of personal information digitally, but have the security and privacy of such information been given proper thought? When we see government websites being defaced on a daily basis, it is a given that we are skeptical of proper security practices on the government side. The Nepal government currently maintains many repositories of personal data and provides portals to access that data. The security measures implemented there seem really weak on the surface, and we can only hope that any unauthorized access to such data is restricted. There really isn’t much assurance that this data isn’t leaking or being harvested by unauthorized persons or malicious actors. If no proper security measures are implemented in these data repositories and their portals, Nepal is sure to see similar data breach cases in the future.