UIDAI denies report of Aadhaar data breach in IT Grid case

UIDAI denies report of Aadhaar data breach in IT Grid case

In a statement, the UIDAI said that there is no evidence which points towards a breach in the Central Identities Data Repository or its servers

The Unique Identification Authority of India (UIDAI) has refuted reports claiming breach of its servers in the latest case of Aadhaar data leak. A private firm, IT Grid (India), was recently accused of obtaining personal details of 7.82 crore Aadhaar holders in Andhra Pradesh and Telangana.

In a statement on Wednesday, the Aadhaar issuing authority said that its Central Identities Data Repository (CIDR) and servers are completely safe and fully secure. UIDAI further clarified that no illegal access was made to its CIDR and no data has been stolen from its servers. Citing an SIT report, the UIDAI said that nowhere in the report it has been mentioned that Aadhaar number, name, address, etc. of the people have been stolen from UIDAI servers.

ALSO READ: Aadhaar authentication rate improves, but fertiliser DBT far from perfect

"Mere possession and storage of Aadhaar numbers of people, though maybe an offence under the Aadhaar Act under some circumstances, does not put the Aadhaar holders under any harm in any manner whatsoever because for assessing any Aadhaar based services, biometrics or One Time Password (OTP) is also required," UIDAI clarified.

The UIDAI further stated that it has filed a complaint on the basis of a report from Special Investigation Team (SIT) of Telangana Police that IT Grids (India) Pvt. Ltd has allegedly obtained and stored Aadhaar numbers of a large number of people in violation of the provisions of the Aadhaar Act. Through the FIR, UIDAI has requested the police to investigate as to for what purpose IT Grid collected, stored and used the Aadhaar numbers, and whether any provisions of Aadhaar Act have been violated in the process, the authority said.

ALSO READ: Now, after turning 18 you can exit Aadhaar, cabinet passes ordinance

UIDAI clarified that service providers usually collect personal data directly from individuals for providing services. "They are required under the Aadhaar Act and Information Technology Act to use this sensitive information only for the purpose for which such information has been collected and are not allowed to share further without the consent of the Aadhaar holders. If they violate the provisions of Aadhaar Act in the collection of Aadhaar numbers from people, their storage, usage, and sharing, they are liable to be prosecuted under the Aadhaar Act," the authority said.

IT Grids has reportedly been booked under the provisions of Aadhaar Act for alleged data leak affecting 7.82 crore Aadhaar holders.