File photo. Photograph:( Zee News Network )
A new report has emerged detailing a major data leak in India's biometric ID programme, Aadhaar, allowing access to private information, business technology news website ZDNet reported on Saturday.
According to the report, a security researcher from New Delhi, Karan Saini found out that one of the state-owned utility company is responsible for the breach.
Saini said that anyone with an Aadhaar number was affected.
The data breach allows anyone with the technical know-how “to download private information on all Aadhaar holders”. Anyone who knows what they are doing can access the full name, consumer number used by the utility company, and their unique 12-digit identity numbers, and their bank details, ZDNet said.
Even though the security lapse had been flagged to some government agencies over a period of time, it has yet to be fixed. ZDNet said it was withholding the name of the utility and other details.
"This is a security lapse. You don't have to be a consumer to access these details. You just need the Uniform Resource Locator where the Application Programming Interface is located. These can be found in less than 20 minutes," Saini told Reuters.
However, UIDAI refuted reports in sections of media sourced from news website which quoted a man purportedly claiming to be a security researcher that a state-owned utility company has vulnerability which can be used to access a huge amount of Aadhaar data including banking details
Officials at UIDAI said: "There is no truth in this story as there has been absolutely no breach of UIDAI’s Aadhaar database. Aadhaar remains safe and secure."
Aadhaar, a biometric identification card with over 1.1 billion users, is the world's biggest database.
But it has been facing increased scrutiny over privacy concerns following several instances of breaches and misuse.
Last Thursday, the CEO of the UIDAI said the biometric data attached to each Aadhaar was safe from hacking as the storage facility was not connected to the internet.
"Each Aadhaar biometric is encrypted by a 2048-key combination and to decode it, the best and fastest computer of our era will take the age of the universe just to hack into one card's biometric details," Ajay Bhushan Pandey said.
(with inputs from Reuters)