Mera Aadhaar Meri Pehchan: But Leaked All Over the Internet!
Moneylife Digital Team 15 March 2018
Despite the Unique Identification Authority of India (UIDAI) shirking its responsibility for safety and security of Aadhaar data, the internet is full of such records. A simple search can reveal Aadhaar data of hundreds, if not thousands, of the UID holders. In fact, by using simple words like 'Mera Aadhaar meri pehchan filetype:pdf', we stumbled upon detailed profiles of people uploaded online by third parties or agents. 
 
 
One such site, on first page of the search results is StarCardsIndia.com, which seems to think that uploading entire application forms for obtaining permanent account number (PAN) of people in internet is 'smart' thing to do. This website is registered by one Krishna Chaitanya Mories for Desimobile Voice Labs Communications Pvt Ltd from Hyderabad, as per records from Who.is.The data uploaded in PDF format includes, Aadhaar number, mobile number, email ID, address and photo, along with other personal details of the applicants. 
 
 
Since Desimobile Voice Labs is registered in Hyderabad, we may think that it may be an agency helping people from that area to obtain PAN cards. However, the data we stumbled upon reveals that the applicants are from Bareilly, Darbhanga and Banda, mostly from Uttar Pradesh and Bihar. It is still fine, but why it needs to upload and publish all records of individuals in the public domain is not clear. 
 
 
Most shocking is a CancerCareTrust.org, which is found uploading all details of cancer patients like children and their parents online! 
 
 
One college from Mirajapur even uploaded all data including Aadhaar number, mobile numbers of its teachers. The college have also uploaded self-attested scanned copies of Aadhaar on its website.
 
  
Is there any solution to this? Some may even ask, if this was not the case before Aadhaar. Yes, there were few instances. However, those pre-Aadhaar leakages were not able to disable a person from the entire system. Aadhaar has the capability as the UIDIA itself had admitted about deactivating 81 lakh UID numbers. As per the provisions of Sections 27 and 28 of Aadhaar Act, a person's Aadhaar can be cancelled or deactivated if multiple Aadhaar have been issued, or there are discrepancies in the biometric data or supporting documents. But then who has verified or audited Aadhaar data collected by third parties, based on which UIDAI has been issuing the UID number? 
 
Earlier this week, French security expert who goes under the pseudonym 'Elliot Alderson' (@fs0c131y) had exposed vulnerabilities of Aadhaar and UIDAI and found almost 20,000 Aadhaar cards on the internet within three hours. The UIDAI, however, dismissed the claim in its usual fashion. (Read: 20,000 Aadhaar cards found within 3 hours by security expert; UIDAI dismisses report)
 
UIDAI, however, dismissed the claims. In its tweets, the authority said, "Publication of Aadhaar cards by some people have absolutely no bearing on UIDAI and not the least on Aadhaar security. Aadhaar as an identity document by its very nature needs to be shared openly with others as and when required and asked for. Aadhaar just like any other identity document, therefore, is never to be treated as a confidential document. Although Aadhaar has to be shared with others, it being a personal information like mobile number, bank account number, PAN card, passport, family details, etc, should be ordinarily protected to ensure privacy of the person."
Comments
Sanjay Saxena
1 year ago
It's still not clear whether we are supposed to share a scanned JPG copy of our Aadhaar card for KYC purposes or not. Certain SEBI registered entities (share brokers, investment advisors, etc.) ask for a copy for KYC. What shall we do under such circumstances? Maybe Moneylife can provide some guidance through a follow-up article. Thank you.
Pandit Akshay Tiwari
3 years ago
12345
Nitish Kumar
3 years ago
Que puis-je faire quand je commence ma carrière ou qu'est-ce que c'est?
MUKUND PHADKE
3 years ago
For last two months trying for Aadhar link mobile portability from mtnl to Vodafone, so I am without Aadhar linked mobile. Now if someone misuses , it is fault of system.
Raghunadha Rao K
3 years ago
Inspite of several objections adamant penchant for promoting aadhar is going on.we
do not know what the real obective is.Students for exams,patients in hospitals even in
graveyards the aadhar is asked.while looters from PNB could go scot free with aadhar
in system the insistence on unsafe exercize isuseless
Ramesh I
3 years ago
It is such blatant misuse / abuse of information by third parties (and even Govt Depts / websites) which makes one vulnerable to exploitation by crooks and is a violation of one's fundamental right to privacy. As the SC originally stated in its Oct'15 interim order that Aadhar should be made mandatory only for a select few govt welfare scheme. Yet, the erstwhile UPA Govt and subsequently the NDA Govt has brazenly violated that SC order and forced people to share their Aadhar in various areas which are not remotely related to 'welfare'. I wish the SC had been more proactive and instructed the Govt to stop making Aadhar necessary for frivolous reasons like linking to mobile connections, Bank A/cs (which are anyway seeded with PAN No., and PAN is linked to Aadhar). Of late, even local cable TV distributor has been demanding copy of Aadhar Card for new subscriptions, and one wonders who else he may be sharing such info with. There are already cases of multiple mobile connections having been taken on one's Aadhar No. even in cities one has never visited, so this illegal sharing of citizens' Aadhar Card is rampant and neither the Govt nor UIDAI has cared to address this. Nothing much has happened even after the recent expose by Tribune journos who obtained tons of Aadhar info by paying a mere Rs 500 to some agency/person who had unrestricted access to the entire Aadhar Database of over a billion people. Aadhar Project was poorly planned and worse, poorly executed in haste, as it probably serves some sinister purpose for politicians to exploit. Else, no new govt would pursue such a project of previous govt if it didn't have 'hidden' benefits.
Ravindra Prabhakar Joshi
3 years ago
There are so many places where we have to give our personal details. And we do share them without much fuss. Integrating Bank accounts/ PAN and mobile number is a must to avoid misuse, frauds and also terrorism. What if we had only one number from the beginning? We would not have objected. It is better remove the flaws in the system instead of the system itself.
GLN Prasad
3 years ago
There may be more shocks in future. To day a consumer of HP gas learnt that the Gas subsidy not being credited to his bank account seeded with AADHAR with distributor, but some one created an account and without knowledge, consent the subsidy is being credited to unknown account. Neither Gas distributor,company nor consumer knows which bank account and how it can be credited without cancelling the previous and without knowledge of actual consumer. Every one says "we do'nt know". Distributor provided just a bank name (not branch, not account number) washed his hands off. No reply from GAS PSU except ritual directions to distributor to look into the matter. The consumer a low paid security guard is knocking each door to get the subsidy to account. Finally, with lot of efforts it was learnt that one bank created an account without any forms , opened the account, and subsidy is being credited in that dummy fake account in the name of consumer. That means every one can enter and make any modifications in AADHAR seeding without knowledge of concerned parties. PSU Gas company says they do not know how it can be avoided.
Sanujit Ghose
3 years ago
I got into IAS in 1964 and by turn of the postings I arrives in the govt of India in 1972. I was one of the few who got the Aadhar card soon thereafter in early I970s. Ration card, driving licence, passport everything I got without any reference to the Aadhar card. Suddenly, a legislation appeared and got passed in the Parliament. Right from the cradle to the burning ghat, Aadhar is a must. Every govt agency is unwilling to accept the legality of personal identity in a court for a legal matter. Yet for getting the ration weekly, gas cylinder etc Aadhar is daily required otherwise the very livelihood is denied! Neither the issuing company nor any govt department is the authorized department for the legality of a card holder!
Gurudutt Mundkur
3 years ago
With the Supreme Court postponing the deadline, we need to get to know the percentage of AADHAAR numbers which have leaked. This figure should be then be given to the SC.
Also, the Govt should produce documents how many illegal registrations under various schemes have been detected. Parliamentarians and the public should be informed of these figures.
SuchindranathAiyerS
3 years ago
Ever since I linked my Aadhar to my Airtel mobile, I have been getting unwanted calls from scamsters, particularly stock exhangists, and others.
Mrinal Thakkar
Replied to SuchindranathAiyerS comment 3 years ago
when you were linking , you gave them permission (i gave consent too , but out of force and not choice) to share your details with Airtel , UIDAI and all of airtel's partners (i got to know this when i called on 14546 to link my uncle's aadhar because his fingerprint wouldnt match)

i am sure all other companies are doing the same "legally".

unfortunately no escape from it
Free Helpline
Legal Credit
Feedback