In yet another incident of personal data breach, for last few months, some sensitive data of almost 130 million Aadhaar card holders is said to be out in the public domain. The leaked data includes bank account details of over one crore people linked to Aadhar numbers under the direct benefit scheme. Over eight crore people lost their private data on the national job guarantee scheme website alone.
The security breach was reported by the Center for Internet Society (CIS) which deals with the publication of Aadhaar data and their security. The report says the information was available on the internet since November, and the CIS officials have initiated steps to remove them from internet. But, this time the government can’t blame others as the data was leaked from websites of Centre’s rural development ministry and the state government of Andhra Pradesh, reported the Centre of Internet & Society, a non-profit research organisation.
This is not the first time that such large number of sensitive data has been leaked. Private data of 1,59,42,083 people were leaked on the social assistance scheme site. According to a report in NDTV, the two Andhra Pradesh sites breached the privacy of three crore people. Information leaked on most of the sites could be downloaded as Excel sheet. It is estimated that data on 23 crore people is linked to Aadhaar under the direct benefit scheme. “Sensitive personal identity information such as Aadhaar number, caste, religion, address, photographs and financial information are only a few clicks away and suggest how poorly conceived these initiatives are,” the report said.
The sites included data of MNREGA (Central scheme for rural employment) which caters 25.46 crore people across country. On the NSAP site, the CIS found, a simple tweak provides access to Aadhaar of 94 lakh beneficiaries and almost 15 lakh post office accounts linked to it, as well as bank details. The total number of Aadhaar made public here are 1.59 crore.
Experts point out that criminals can misuse personal data on Aadhaar and bank account. The data could be used even to obtain SIM cards and carry out online transactions.