The probe was ordered on Thursday after the local Tribune newspaper accessed <link> a database containing the identity details of more than one billion citizens, which was being sold for a meagre $8, the report claimed. An anonymous seller over WhatsApp created a "gateway" for one of the newspaper's correspondents to gain access to the database, after which any identification number, referred to as Aadhaar, could be entered and the person's name, address, photo, phone number and email displayed.
On Thursday, the UIDAI said the breach appeared to have been caused by the "misuse" of a grievance-redressal search facility that can be accessed by the public.
"The Aadhaar data, including biometric information, is fully safe," the authority said in a statement.
But Kiran Jonnalagadda, cofounder of the Internet Freedom Foundation, said the incident revealed a serious problem with data security. The breach involved the use of a backdoor created by the UIDAI for the use of authorised parties, a definition encompassing thousands of government officials, he said.
"These officials were allowed to appoint other officials with the right to access data. It's no wonder someone down the chain went rogue and started selling access," Jonnalagadda told Al Jazeera. Growing privacy risks
Activists have warned of increasing security and privacy risks associated with the ambitious Aadhaar project and its linking with government and private services, including banking and telephone accounts.
Security protocols were clearly violated, said Pranesh Prakash, policy director at Centre for Internet and Society.
"This incident shows that those who have legitimate access to the Aadhaar database have been involved in providing illegitimate access to it by creating accounts for others, like the journalist for instance. The entire Aadhaar ecosystem is leaking like a sieve," Prakash told Al Jazeera.
The ruling Bharatiya Janata Party (BJP), meanwhile, dismissed the Tribune report as "fake news".