Around 130-135M Aadhaar Numbers published on 4 sites alone

“Therefore, there is no data leak, there is no systematic problem, but, if any one tries to be smart, the law ignites into action.” – Ravi Shankar Prasad, IT Minister, in the Rajya Sabha, on 10th April 2017

Details of around 130-135 million Aadhaar Numbers, and around 100 million bank numbers have been leaked online by just four government schemes alone: the National Social Assistance Programme, the National Rural Employment Guarantee Scheme (NREGA), Daily Online Payments Reports under NREGA (Govt of Andhra Pradesh), and the Chandranna Bima Scheme (Govt of Andhra Pradesh), as per a research report from the Centre for Internet and Society.

Download the report here.

While the data leaked differs across schemes, it could include information such as Name, Aadhaar Number, Bank Account Number, Father’s/Husband’s Name, Age, Gender, among other things. In other words, a spammer/scammer/phishing-entity’s dream come true. The Aadhaar Number is a permanent irrevocable number which is being made mandatory, and is being forcibly linked to mobile numbers, bank accounts, tax filings, scholarships, pensions, rations, school admissions, health records and much much more, which thus puts more personal information at risk.

The report estimates that given the scale of the data leaks (beyond these schemes), the number could be closer to around 230 million (23 crore), given that “Over 23 crore beneficiaries have been brought under Aadhaar programme for DBT (direct benefit transfer), and if a significant number of schemes have mishandled data in a similar way.” This essentially means that personally identifiable information for almost 17% of the population (assuming India has 1.30 billion people) may be at risk; this doesn’t include parallel databases created by private entities who may collect Aadhaar and personal information from citizens.

Note that while this data has now been taken down, there are several other instances of data that remain published online. The report has been written by Amber Sinha and Srinivas Kodali. Kodali was among the first to report instances of Aadhaar numbers and personal data being published online: a Telangana government agency had published personally identifiable information of 500,000 to 600,000 children.

Data Available

1. National Social Assistance Programme:

  • A total of 1,59,42,083 Aadhaar Numbers, though not all are linked to Bank Accounts. It has 94,32,605 bank accounts and 14,98,919 post office accounts linked with Aadhaar Numbers.
  • The data includes list of pensioners by state, districts, area, sub-district/municipal area and gram panchayat/ward, with Job card number, Bank Account Number, Name, Aadhaar Number, account frozen status.
  • A data download option allows a download of Beneficiary No., Name, Father’s/Husband’s Name, Age, Gender, Bank or Post Office Account No. for beneficiaries receiving disbursement via bank transfer and Aadhaar Numbers for each area, district and state.

2. National Rural Employment Guarantee Scheme:

  • A total of 10,96,41,502 Aadhaar Numbers, 78,74,315 post office accounts of workers seeded with Aadhaar Numbers, and 8,24,22,161 bank accounts.
  • The data includes granular reports for each district, mandal and panchayat, including Job card No., Aadhaar Number, Bank/Postal Account Number, no. of days worked, Registration Number, account frozen status.

3. Chandranna Bima Scheme, Govt of Andhra Pradesh:

  • 2,05,65,453 workers registered under the Aam Aadmi Bima Yojana. The data is organised in the form of a list of workers registered for each district, mandal, village and block, and within each block, there is a list of all registrants.
  • Each registrant has their own page with the following data: Aadhaar Numbers, Name, Father’s/Husband’s Name, age, caste, mobile number, gender, partially masked bank account number, IFSC Code, Bank Name and details of the nominee. MS Access databases of all the data were also available, and these had the masked data unmasked.

4. Daily Online Payment Reports of NREGA, Govt of Andhra Pradesh

  • 1,12,99,803 Aadhaar Numbers, 76,63,596 bank account numbers
  • Personal information: Job card No., Aadhaar Number, Bank/Postal Account Number, whether it is seeded with mobile number, no. of days worked, registration Number, date on which e-pay order number is created, date, date on which e-pay order number is sent to paying agency, date of credit to worker’s account, time and date for disbursement, pay order amount, mode of payment.

The report points out that while some of the data has subsequently been masked, it does not mean that government agencies have purged the data, which leaves it open to both cyberattacks and potential leakages of data by those with access to it.

Also, “retrospectively addressing some of these concerns has little or no impact without data de-identification standards, information security protocols and proper access control to sensitive personally identifiable data collected.”

Our Take

1. It’s probably bigger than just 130 million: At MediaNama, we’ve documented other instances of government departments publishing Aadhaar data (and we’ve viewed this data, downloaded Excel sheets to check), so the scale of the public disclosure of information, with no accountability, is truly frightening. Government competence is truly an oxymoron. It won’t be long before this data is sold. Apparently such data already is being sold:

2. Faulty by design: While Aadhaar creator Nandan Nilekani and the IT Minister Ravi Shankar Prasad might give assurances that the Aadhaar database is safe, the fact is that Aadhaar was poorly designed: it may have taken into account the security aspects of storing this data, but it didn’t take into account the systemic risks of incompetent government departments handling this data, and disclosing it, putting citizens at risk. To remind you: the Aadhaar Number is a permanent, irrevocable number which is being made mandatory, and is being forcibly linked to mobile numbers, bank accounts, tax filings, scholarships, pensions, rations, school admissions, health records and much much more.

3. Faulty law: According to the Aadhaar Act, a citizen has no recourse in case of a data breach because your Aadhaar data doesn’t belong to you: it belongs to the government. While the UIDAI has acted in some cases against errant external agencies (around 34,000 of them), there is no information on cases being filed against government departments filing these cases.


Also read: 

Notes from hearings in the case linking Aadhaar to the PAN Card

Written By

Founder @ MediaNama. TED Fellow. Asia21 Fellow @ Asia Society. Co-founder SaveTheInternet.in and Internet Freedom Foundation. Advisory board @ CyberBRICS
