NEW DELHI: India has been hit by the biggest ever data security leak.
India’s biometric ID programme, Aadhaar, has been hit by anothermajor security lapse, allowing access to private information, businesstechnology news website ZDNet reported on Saturday.
A data leak on a system run by a state-owned utility company can allowaccess to private information of Aadhaar holders, exposing their names,their unique 12-digit identity numbers, and their bank details, ZDNet said.
Even though the security lapse had been flagged to some government agenciesover a period of time, it has yet to be fixed. ZDNet said it waswithholding the name of the utility and other details.
Karan Saini, a New Delhi-based security researcher, said that anyone withan Aadhaar number was affected.
“This is a security lapse. You don’t have to be a consumer to access thesedetails. You just need the Uniform Resource Locator where theApplication Programming Interface is located. These can be found in lessthan 20 minutes,” Saini said.
Vikas Shukla, spokesman for the Unique Identification Authority of India(UIDAI), which runs the Aadhaar programme, said the agency would issue astatement later on Saturday.
Aadhaar, a biometric identification card with over 1.1 billion users, isthe world’s biggest database.
But it has been facing increased scrutiny over privacy concerns followingseveral instances of breaches and misuse.
Last Thursday, the CEO of the UIDAI said the biometric data attached toeach Aadhaar was safe from hacking as the storage facility was notconnected to the internet.
“Each Aadhaar biometric is encrypted by a 2048-key combination and todecode it, the best and fastest computer of our era will take the age ofthe universe just to hack into one card’s biometric details,” Ajay BhushanPandey said. – Agencies