Skip to main content

135 million aadhaar details, 100 million bank accounts "leaked" from government websites: Researchers

Screenshot from a NREGA site: Researchers hide details 
Counterview Desk
A top study by the Centre for Internet and Society (CIS) has said that “estimated number of aadhaar numbers leaked” through top portals which handle aadhaar “could be around 130-135 million”. Worse, it says, the number of bank accounts numbers leaked would be “around 100 million”.
The study, carried out by researchers Amber Sinha and Srinivas Kodali, adds, “While these numbers are only from two major government programmes of pensions and rural employment schemes, other major schemes, who have also used aadhaar for direct bank transfer (DBT) could have leaked personally identifiable information (PII) similarly due to lack of information security practices.”
Pointing out that “over 23 crore beneficiaries have been brought under aadhaar programme for DBT”, the study, titled “Information Security Practices of Aadhaar (Or Lack Thereof)”, says, “Government schemes dashboard and portals demonstrate … dangers of ill-conceived data driven policies and transparency measures without proper consideration to data security measures.”
Claiming to have a closer look at the databases publicly available portals, the researchers identify four of them a pool of other government websites for examination:
A welfare programme by the Ministry of Rural Development, the National Social Assistance Programme (NSAP) portal, even as seeking to provide public assistance to its citizens in case of unemployment, old age, sickness and disablement, offers information about “job card number, bank account number, name, aadhaar number, account frozen status”, the researchers say.
Pointing out that “one of the url query parameters of website showing the masked personal details was modified from nologin to login”, they say, the “control access to login based pages were allowed providing unmasked details without the need for a password.”
Another NREGA site screenshot by researchers
In fact, they say, the Data Download Option feature “allows download of beneficiary details mentioned above such as Beneficiary No, Name, Father’s/Husband’s Name, Age, Gender, Bank or Post Office Account No for beneficiaries receiving disbursement via bank transfer and Aadhaar Numbers for each area, district and state.”
They add, “The NSAP portal lists 94,32,605 banks accounts linked with aadhaar numbers, and 14,98,919 post office accounts linked with aadhaar numbers. While the portal has 1,59,42,083 aadhaar numbers in total, not all of whom are linked to bank accounts.”
Also giving the example of the national rural job guarantee scheme, popularly called NREGA, the researchers say, its portal provides DBT reports containing “various sub-sections including one called ‘Dynamic Report on Worker Account Detail’,” with details like “Job card number, aadhaar number, bank/postal account number, number of days worked”, and so on.
“As per the NREGA portal, there were 78,74,315 post office accounts of individual workers seeded with aadhaar numbers, and 8,24,22,161 bank accounts of individual workers with aadhaar numbers. The total number of Aadhaar numbers stored by portal are at 10,96,41,502”, they add.
Providig similar instances form two other sources, the researchers insist, “The availability of large datasets of aadhaar numbers along with bank account numbers, phone numbers on the internet increases the risk of financial fraud.”
Underlining that “aadhaar data makes this process much easier for fraud and increases the risk around transactions”, they say, “In the US, the ease of getting Social Security Numbers from public databases has resulted in numerous cases of identity theft. These risks increase multifold in India due the proliferation of aadhaar numbers and other related data available.”

Comments

TRENDING

To Sonam Wangchuk: 'Will undertake 70 hour solidarity fast in Gujarat'

By Martin Macwan *  Dear Colleague Sonam Wangchuk, I have never met you personally. I wrote a short article at the time of your arrest. Your work correctly introduces you. There is truth in your words. You have embarked on a fast, following the footsteps of Gandhiji. Your intention is to make people think. Your demand is reasonable; I believe that the resignation of a single education minister will not improve the state of education in India. However, the question you have raised is extremely important for the future generation of the marginalized. Education is the key to power, development, and progress, which empowers a citizen.

US civil society coalition slams Hudson Institute for hosting RSS leaders

By A Representative   The Hudson Institute ’s “New India Conference,” held on April 23, featured senior figures from India’s ruling political ecosystem, including RSS General Secretary Dattatreya Hosabale and BJP foreign affairs head Vijay Chauthaiwale . The event also included U.S. officials and former diplomats such as Kurt Campbell, Kenneth Juster, and Nisha Biswal, alongside India’s Ambassador to the U.S., Vinay Kwatra.  

Remembering Rampur ka Tiraha: State violence and the birth of Uttarakhand’s struggle

By Vidya Bhushan Rawat*  In the turbulent political landscape of the early 1990s, India witnessed events that reshaped its social and regional equations. After the Babri Masjid demolition in 1992, Uttar Pradesh politics shifted dramatically, bringing the Samajwadi Party–Bahujan Samaj Party coalition to power in 1993 under Mulayam Singh Yadav. But the partnership was uneasy. Mulayam was never entirely comfortable playing the “Mandal card.” While Kanshi Ram and the BSP had consistently demanded the implementation of the Mandal Commission recommendations, Mulayam hesitated, wary of how the move might play out.