New Delhi, January 29: Another Aadhaar data breach incident came to light after officials of State Bank of India (SBI) informed that the biometric details were misused to make fake Aadhaar cards at several Aadhaar enrolment centres across the state. According to a report by TOI, several operators, who were sent to rural areas to help people generate Aadhaar cards, used their operator ID to generate Aadhaar cards using fraudulent documents. The report quotes SBI officials saying that logins and biometrics of the Aadhaar operators were misused to generate unauthorised Aadhaar cards. However, the UIDAI refuted all the claims and said that Aadhaar database is fully secured and no security breach, biometric or otherwise, has taken place.  Aadhaar Card Holders Can Opt Out, Get Their Data Deleted As Government Looks to Amend Act. 

According to a report by TOI, the incident came to light when SBI, like other banks, was given an Aadhaar enrolment target for which it selected vendors from two agencies in Chandigarh region. Out of the 250 operators sent for Aadhaar work in several rural areas, nearly half were penalised in the last two months. They were either deactivated or blacklisted from working at Aadhaar enrollment centres. As the operators were barred from their duties for engaging in fraudulent activities, SBI’s Aadhaar enrolments took a hit at many branches. Due to this, the bank failed in meeting the targets, which caused heavy penalties. Aadhaar Data Breach: UIDAI Dismisses Report of Hacking of Software as 'Incorrect'. 

The report further informs that out of those penalised was 40-year-old Vikram, who worked for a monthly salary of Rs 10,000 as an Aadhaar operator at the SBI branch in a small village called Uchana in Haryana. On 26th December, 2018, UIDAI fined him more than Rs 33 lakh for using his operator ID to generate Aadhaar cards using fraudulent documents between November 9 and 17th November, 2018.

The report states that Vikram managed to generate fake Aadhaar cards using “multiple station IDs” in his name, which allowed Aadhaar cards to be made from multiple devices. It must be noted that every device, used for Aadhaar enrolment is registered with UIDAI and identified by the “station ID”.

As soon as the incident was reported, SBI officials in Chandigarh alerted the bank’s corporate office in Mumbai to raise the issue with UIDAI. They informed saying they did not create these multiple station IDs and there must have been lacunae in UIDAI’s security system that allowed “someone to hack the system and generate multiple station IDs” in Vikram’s name. Aadhaar Software Hacked, Any Unauthorized Person From Anywhere in the World Can Generate ID For Rs 2,500. 

The TOI report stated that SBI deputy general manager B Rajendra Kumar confirmed that he was aware of the “misuse of the biometrics” and all the issues faced by their sub-vendors. Kumar stated that the Bank has raised this issue with UIDAI. “The authority should be more transparent with us and let us know how this is happening. They should also guide us on the issue and, above all, make their database more secure,” he told TOI. However, an internal inquiry by the bank, and also the agency (vendor), cleared Vikram of the charges levelled by UIDAI. almost all the operators, except Vikram, were cleared by UIDAI and allowed to return to work.

(The above story first appeared on LatestLY on Jan 29, 2019 10:37 AM IST. For more news and updates on politics, world, sports, entertainment and lifestyle, log on to our website latestly.com).