In what appears to be the biggest ever Aadhaar data leak in India, Aadhaar details of as many as 7.82 crore Indians have been found in possession of IT Grids Pvt. Ltd. The Telugu Desam Party hired the company for developing its “Seva Mitra app,” says a Times of India report.
The data breach came to light after the Telangana State Forensic Laboratory (TSFSL) was examining the data recovered by the Telangana police from the IT Grid’s premises. It was found that the company had illegally acquired access to the Aadhaar data of “7,82,21,397” residents of Telangana and Andhra Pradesh.
Based on a report submitted by a Special Investigation Team (SIT), an FIR was lodged in the Madhapur police station, and a case has been registered under the sections 37,38(a), 38(g), 40, 42,42 of Aadhaar Act 2016.
Central Repository of Aadhaar Data Breached
During the investigation, it was revealed that the size and structure of the database illegally possessed by the IT Grids are similar to the database maintained by the Unique Identification Authority of India (UIDAI). The investigation also found that the Aadhaar data has been used for voter profiling, targeted campaigns, and deletion of votes.
After examining the structure of data and the manner in which IT Grids stored it, the police are suspecting that the data has been acquired from Central Identities Data Repository (CIDR) which is the centralized repository of demographic and biometric data of Aadhaar users.
According to the complainant, “Availability of such unique information of an Aadhaar number indicates that the accused in the case might have illegally accessed CIDR or SRDH and has used such information or data for wrongful gain,”
Not the first accusation on IT Grids
This is not the first accusation levied on IT Grids. The company was earlier booked in March for obtaining sensitive data, and a case was filed against the company.
UIDAI Denies Breach
UIDAI has cleared its stance and has denied that any such breach of Aadhaar details has happened. A UIDAI official said that the Aadhaar database is stored in an encrypted manner and there have been no instances of data theft from CIDR.
Implications for Aadhaar users
Police have confiscated the illegally acquired data, but we are not sure whether the accused company has misused the data or not. If yes, there could be severe implications, especially with the upcoming Loksabha elections in the country.
UIDAI has filed around 30 FIRs in different cases of the Aadhaar data breach since the Aadhaar Act 2016 was brought into existence.
What are your thoughts on the data theft? What can be done to contain such data breaches? Tell us in the comments below.