Aadhaar Data Breach: UIDAI Dismisses Report of Hacking of Software as 'Incorrect'
Image used for representational purpose | (Photo Credits: PTI)

New Delhi, Sep 11: The Unique Identification Authority of India (UIDAI) on Tuesday dismissed a news report of alleged hacking of the Aadhaar software. Calling the report 'baseless' and 'incorrect', the UIDAI reiterated no operator can make or update Aadhaar cards without biometrics of residents. In a series of tweets, the UIDAI further said that 'certain vested interests are deliberately trying to create confusion in the minds of people which is completely unwarranted'.

"Claims made in the report about Aadhaar being vulnerable to tampering leading to ghost entries in Aadhaar database by purportedly bypassing operators’ biometric authentication to generate multiple Aadhaar cards is totally baseless," the UIDAI tweeted. "The report itself accepts that “it (patch) doesn’t seek to access information stored in the Aadhaar database”," it said in another tweet. The UIDAI further clarified that no operator can make or update Aadhaar unless resident gives his/her biometric.

"Any enrolment or update request is processed only after biometrics of the operator is authenticated and resident’s biometrics is de-duplicated at the backend of UIDAI system. As part of our stringent enrolment & updation process, UIDAI checks enrolment operator’s biometric and other parameters before processing of the enrolment or updates and only after all checks are found to be successful, enrolment or update of resident is further processed," it said.

Therefore, the UIDAI said, it is not possible to introduce ghost entries into Aadhaar database. "The reported claim of “anybody is able to create an entry into Aadhaar database, then the person can create multiple Aadhaar cards” is completely false," it added. The government body said the operators are blacklisted if they are found violating UIDAI’s strict enrolment and update processes. It says it adds new security features in Aadhaar system from time-to-time to thwart new security threats by unscrupulous elements.

An investigation by HuffPost India revealed that the Aadhaar database, which contains the biometrics and personal information of over one billion Indians, "had been compromised by a software patch which disables critical security features of the software used to enrol new Aadhaar users". According to the report, any unauthorized person from anywhere in the world can generate Aadhaar ID using the patch which is freely available for Rs 2,500.