 "No Aadhaar data breach till date from UIDAI database: Govt in Lok Sabha")
The Centre on Wednesday told Parliament that there has been no breach of Aadhaar cardholders’ data from the database of the Unique Identification Authority of India (UIDAI) till date.
In a written reply to the Lok Sabha, Union Minister of State for Electronics and Information Technology Jitin Prasada said no incident of data compromise involving the core UIDAI database had been reported so far.
“Aadhaar is the world’s largest biometric identity system, with around 1.34 billion live Aadhaar holders. It has completed more than 160 billion authentication transactions,” the minister said.
He added that UIDAI, the statutory authority responsible for issuing Aadhaar numbers, has put in place robust and comprehensive safeguards to protect the personal data of Aadhaar number holders.
Security measures to protect Aadhaar data
Detailing the safeguards, the minister said UIDAI follows a multi-layered security architecture based on the principle of defence-in-depth. The systems are regularly reviewed and audited to ensure continued protection against evolving cyber threats.
The Aadhaar ecosystem uses advanced encryption technologies to secure data both during transmission and storage.
“UIDAI’s Information Security Management System is certified under ISO 27001:2022 by the Standardisation Testing and Quality Certification (STQC) Directorate. It also holds ISO/IEC 27701:2019 certification for privacy information management,” he said.
Prasada said UIDAI has been declared a protected system, with the National Critical Information Infrastructure Protection Centre (NCIIPC) providing continuous security advisories to strengthen its cybersecurity posture.
“An independent audit agency is engaged for the creation of the Governance, Risk, and Compliance and Performance (GRCP) framework for the Aadhaar ecosystem and oversight for adherence to the same. It continuously conducts cybersecurity audits of UIDAI applications, including Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST),” he said.
Past concerns, official position unchanged
Concerns over alleged Aadhaar data breaches have surfaced previously in the public domain, largely centred on the risk of identity theft and fraud if personal information were to be exposed through vulnerabilities in the wider ecosystem.
However, the government has consistently maintained that there has been no breach of the core UIDAI database.
You’ve reached your limit of {{free_limit}} free articles this month.
Subscribe now for unlimited access.
Already subscribed? Log in
Subscribe to read the full story →*Subscribe to Business Standard digital and get complimentary access to The New York Times
Smart Quarterly
₹900
3 Months
₹300/Month
SAVE 25%
Smart Essential
₹2,700
1 Year
₹225/Month
SAVE 46%
*Complimentary New York Times access for the 2nd year will be given after 12 months
Super Saver
₹3,900
2 Years
₹162/Month
Subscribe
Renews automatically, cancel anytime
Here’s what’s included in our digital subscription plans
Exclusive premium stories online
Over 30 premium stories daily, handpicked by our editors
Complimentary Access to The New York Times
News, Games, Cooking, Audio, Wirecutter & The Athletic
Business Standard Epaper
Digital replica of our daily newspaper — with options to read, save, and share
Curated Newsletters
Insights on markets, finance, politics, tech, and more delivered to your inbox
Market Analysis & Investment Insights
In-depth market analysis & insights with access to The Smart Investor
Archives
Repository of articles and publications dating back to 1997
Ad-free Reading
Uninterrupted reading experience with no advertisements
Seamless Access Across All Devices
Access Business Standard across devices — mobile, tablet, or PC, via web or app
SAVE 25%