Business Standard

Explain your claim of 13 cr Aadhaar numbers being leaked: UIDAI to CIS

The Aadhaar body asked for details about servers where downloaded 'sensitive data' are residing

Press Trust of India  |  New Delhi 

Logo of Aadhaar. Photo: Twitter (@UIDAI)

The Aadhaar-issuing authority has asked research firm Centre for Internet and Society (CIS) to explain its sensational claim that 13 crore Aadhaar numbers were "leaked" and provide details of servers where they are stored.

In a precursor to initiating a probe into the matter, the Unique Identification Authority of India (UIDAI) also wants CIS to clarify just how much of such "sensitive data" are still with it or anyone else.



The UIDAI — which has vehemently denied any breach of its — shot off a letter to CIS yesterday asking for the details, including the servers where the downloaded "sensitive data" are residing and information about usage or sharing of such data.

Underscoring the importance of bringing to justice those involved in "hacking such sensitive information", the UIDAI sought CIS' "assistance" in this regard and has given it time until May 30 to revert on the issue.

"Your report mentions 13 crore people's data have been leaked. Please specify how much (of) this data have been downloaded by you or are in your possession, or in the possession of any other persons that you know," the UIDAI said in its communication to CIS.

Interestingly, in what market watchers described as an apparent flip-flop, CIS has now clarified that there was no 'leak' or 'breach' of Aadhaar numbers, but rather 'public disclosure'.

Meanwhile, the UIDAI has quoted sections of the Information Technology Act, 2000, and the Aadhaar Act to emphasise that violation of the clauses is punishable with rigorous imprisonment of up to 10 years.

"While your report suggests that there is a need to strengthen IT security of the government websites, it is also important that persons involved in hacking such sensitive information are brought to justice for which your assistance is required under the law," it said.

The UIDAI has also sought technical details on how access was gained to the National Social Assistance Programme (NSAP) site -- one of the four portals where the alleged leak happened.

When contacted, UIDAI CEO Ajay Bhushan Pandey said, "We do not comment on individual matters."

The UIDAI has also asked for details of systems that were involved in downloading and storing the sensitive data so that forensic examination of such machines can be conducted to assess the quantum and extent of damage to privacy of data.

The letter comes after a CIS report early this month which claimed that Aadhaar numbers and personal information of as many as 135 million Indians could have been leaked from four government portals due to lack of IT security practices.

"Based on the numbers available on the websites looked at, estimated number of numbers leaked through these four portals could be around 130-135 million," the report had said.

However, in an apparent course correction on May 16 -- a day before the UIDAI's letter went out -- CIS updated its report and clarified that although the term 'leak' was originally used 22 times in its report, it is "best characterised as an illegal data disclosure or publication and not a breach or a leak".

CIS has also claimed that some of its findings were "misunderstood or misinterpreted" by the media, and that it never suggested that the biometric had been breached.

"We completely agree with both Dr Pandey (CEO) and Sharma (Trai Chairman R S Sharma) that CIDR (central repository) has not been breached, nor is it suggested anywhere in the report," CIS said in its latest update.
