Skip to main content

135 million aadhaar details, 100 million bank accounts "leaked" from government websites: Researchers

Screenshot from a NREGA site: Researchers hide details 
Counterview Desk
A top study by the Centre for Internet and Society (CIS) has said that “estimated number of aadhaar numbers leaked” through top portals which handle aadhaar “could be around 130-135 million”. Worse, it says, the number of bank accounts numbers leaked would be “around 100 million”.
The study, carried out by researchers Amber Sinha and Srinivas Kodali, adds, “While these numbers are only from two major government programmes of pensions and rural employment schemes, other major schemes, who have also used aadhaar for direct bank transfer (DBT) could have leaked personally identifiable information (PII) similarly due to lack of information security practices.”
Pointing out that “over 23 crore beneficiaries have been brought under aadhaar programme for DBT”, the study, titled “Information Security Practices of Aadhaar (Or Lack Thereof)”, says, “Government schemes dashboard and portals demonstrate … dangers of ill-conceived data driven policies and transparency measures without proper consideration to data security measures.”
Claiming to have a closer look at the databases publicly available portals, the researchers identify four of them a pool of other government websites for examination:
A welfare programme by the Ministry of Rural Development, the National Social Assistance Programme (NSAP) portal, even as seeking to provide public assistance to its citizens in case of unemployment, old age, sickness and disablement, offers information about “job card number, bank account number, name, aadhaar number, account frozen status”, the researchers say.
Pointing out that “one of the url query parameters of website showing the masked personal details was modified from nologin to login”, they say, the “control access to login based pages were allowed providing unmasked details without the need for a password.”
Another NREGA site screenshot by researchers
In fact, they say, the Data Download Option feature “allows download of beneficiary details mentioned above such as Beneficiary No, Name, Father’s/Husband’s Name, Age, Gender, Bank or Post Office Account No for beneficiaries receiving disbursement via bank transfer and Aadhaar Numbers for each area, district and state.”
They add, “The NSAP portal lists 94,32,605 banks accounts linked with aadhaar numbers, and 14,98,919 post office accounts linked with aadhaar numbers. While the portal has 1,59,42,083 aadhaar numbers in total, not all of whom are linked to bank accounts.”
Also giving the example of the national rural job guarantee scheme, popularly called NREGA, the researchers say, its portal provides DBT reports containing “various sub-sections including one called ‘Dynamic Report on Worker Account Detail’,” with details like “Job card number, aadhaar number, bank/postal account number, number of days worked”, and so on.
“As per the NREGA portal, there were 78,74,315 post office accounts of individual workers seeded with aadhaar numbers, and 8,24,22,161 bank accounts of individual workers with aadhaar numbers. The total number of Aadhaar numbers stored by portal are at 10,96,41,502”, they add.
Providig similar instances form two other sources, the researchers insist, “The availability of large datasets of aadhaar numbers along with bank account numbers, phone numbers on the internet increases the risk of financial fraud.”
Underlining that “aadhaar data makes this process much easier for fraud and increases the risk around transactions”, they say, “In the US, the ease of getting Social Security Numbers from public databases has resulted in numerous cases of identity theft. These risks increase multifold in India due the proliferation of aadhaar numbers and other related data available.”

Comments

TRENDING

To Sonam Wangchuk: 'Will undertake 70 hour solidarity fast in Gujarat'

By Martin Macwan *  Dear Colleague Sonam Wangchuk, I have never met you personally. I wrote a short article at the time of your arrest. Your work correctly introduces you. There is truth in your words. You have embarked on a fast, following the footsteps of Gandhiji. Your intention is to make people think. Your demand is reasonable; I believe that the resignation of a single education minister will not improve the state of education in India. However, the question you have raised is extremely important for the future generation of the marginalized. Education is the key to power, development, and progress, which empowers a citizen.

US civil society coalition slams Hudson Institute for hosting RSS leaders

By A Representative   The Hudson Institute ’s “New India Conference,” held on April 23, featured senior figures from India’s ruling political ecosystem, including RSS General Secretary Dattatreya Hosabale and BJP foreign affairs head Vijay Chauthaiwale . The event also included U.S. officials and former diplomats such as Kurt Campbell, Kenneth Juster, and Nisha Biswal, alongside India’s Ambassador to the U.S., Vinay Kwatra.  

Gujarat police SOP sparks questions over communal profiling

By Shabnam Hashmi*  The Gujarat government must be held accountable for what appears to be a deeply disturbing instance of state-sponsored communal profiling. Ahmedabad resident Sahal Qureshi recently shared with me an official document , which I translated with the help of AI before forwarding it to several media organisations and political leaders.