[BreachExchange] India: In A Shocking Breach, Aadhaar Details Of A Million Pensioners Leaked In Jharkhand
Audrey McNeil
audrey at riskbasedsecurity.com
Mon Apr 24 18:48:52 EDT 2017
http://www.huffingtonpost.in/2017/04/22/in-a-shocking-
breach-aadhaar-details-of-a-million-pensioners-le_a_22051319/
In a shocking breach of privacy, the personal details over one millions
Aadhaar subscribers were leaked on a website run by the Jharkhand
Directorate of Social Security, the Hindustan Times reported.
Most of the vulnerable are senior citizens, who are beneficiaries of the
state's old-age pension scheme. Jharkhand has 1.6 million pensioners, among
whom 1.4 million have reportedly seeded their Aadhaar cards for direct
transfer of the monthly pension into their accounts.
In the security violation, personal details such as name and bank account
number were revealed for a bulk of these users, deepening the existing
worries about safety feature in Aadhaar cards.
According to Section 29 (4) of the Aadhaar Act, publishing Aadhar numbers
of consumers is illegal, though such violations are known to have happened
in the recent past.
Earlier this year, cricketer Mahendra Singh Dhoni's Aadhaar details were
inadvertently leaked on social media, which led his wife, Sakshi, to
complain to the Union Law and Information and Technology Minister, Ravi
Shankar Prasad. In its response, the Unique Identification Authority of
India (UIDAI) blacklisted the service provider for 10 years.
The Supreme Court, along with other cyber security agencies, have expressed
repeated concerns over the shoddy security features of Aadhaar and asked
the State not to make it mandatory for citizens to avail themselves of
benefits. However, the emphasis, in the last few months, have been on the
contrary — to link every major aspect of a citizen's life to Aadhaar,
including the filing of tax returns.
According to HT, officials of Jharkhand government seemed to be in the know
of the breach for a few days but sounded blasé about it while speaking to
the paper. Apart from security breaches, Aadhaar is plagued in other
controversies, such as denial of legal benefits to citizens on account of
malfunctioning machines or faulty biometric data collection.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170424/f33a31db/attachment.html>
More information about the BreachExchange
mailing list