Punjab govt website publishes over 20,000 Aadhaar Numbers

The Greater Ludhiana Area Development Authority (GLADA) website, a Punjab government website, published online around 20,100 Aadhaar numbers of people who had applied for low-cost housing in Ludhiana and Jagraon, reports the Hindustan Times. HT says that the lists were removed from the homepage after they flagged the issue, but “stayed online on the GLADA server and could be accessed by anyone who had the direct link.” It also cites GLADA’s Chief Administrator Parminder Singh Gill as saying that he was informed that no Aadhaar card number was uploaded on the website.

Frankly, just because they’re denying it doesn’t mean that it didn’t happen. We checked, and while the information is no longer there, we did find a Google cache of a PDF which lists around 1450 applicants, with their names, fathers’ names and Aadhaar numbers. Remember that in April we had aggregated a long list of instances of organizations publishing Aadhaar information online, after verifying this data. The Centre for Internet and Society subsequently reported that the Aadhaar numbers and personal information of over 130 million users had been published online. The UIDAI itself was responsible for publishing Aadhaar numbers of a few users.

Note: We’ve found a few more government sites that are publishing Aadhaar numbers online. We’re writing to the UIDAI and IT Minister Ravi Shankar Prasad about this, and will write about this leak only once the data has been removed.

Things to remember

1. These aren’t leaks: While we may have referenced these as Aadhaar Leaks, they aren’t really leaks. They’re instances of government departments publishing Aadhaar numbers online. It’s a conscious and deliberate publishing of the data online. That doesn’t mean there’s malice here: government departments may be ignorant of the fact that they’re breaking the law.


2. Breaking the law: Publishing the Aadhaar number (even if it is your own) is a criminal offence. Section 29 of the Aadhaar Act:

29. (1) No core biometric information, collected or created under this Act, shall be—
(a) shared with anyone for any reason whatsoever; or
(b) used for any purpose other than generation of Aadhaar numbers and authentication under this Act.

(2) The identity information, other than core biometric information, collected or created under this Act may be shared only in accordance with the provisions of this Act and in such manner as may be specified by regulations.

(3) No identity information available with a requesting entity shall be—
(a) used for any purpose, other than that specified to the individual at the time of submitting any identity information for authentication; or
(b) disclosed further, except with the prior consent of the individual to whom such information relates.

(4) No Aadhaar number or core biometric information collected or created under this Act in respect of an Aadhaar number holder shall be published, displayed or posted publicly, except for the purposes as may be specified by regulations.


“The Aadhaar number of an individual shall not be published, displayed or posted publicly by any person or entity or agency.”

“Any individual, entity or agency, which is in possession of Aadhaar number(s) of Aadhaar number holders, shall ensure security and confidentiality of the Aadhaar numbers and of any record or database containing the Aadhaar numbers.”


“…no entity, including a requesting entity, which is in possession of the Aadhaar number of an Aadhaar number holder, shall make public any database or record containing the Aadhaar numbers of individuals, unless the Aadhaar numbers have been redacted or blacked out through appropriate means, both in print and electronic form.”

3. Inaction against the government departments: When was the last time a traffic cop got fined for violating traffic rules? When was the last time the UIDAI filed an FIR against individuals in government departments who broke the law by publishing Aadhaar numbers online? They have filed FIRs against private parties (a journalist and a writer), apart from sending notices to a research organization that behaved responsibly about the disclosures. This arbitrariness raises questions of whether government departments are getting preferential treatment, and are, for all practical purposes, above the law.

4. Aadhaar is built to leak: the database may be secure, but it leaks data and its design is such that data may be accessible through the entities it allows database access to. Data security isn’t just about securing your database: it’s also about ensuring that those who also access your data do so securely, and those who take data from you, ensure that it is kept in a manner that is secure. That is why we have the PCI DSS standard for payments.

5. Personal data isn’t just biometric data: Your demographic information, including your name, date of birth, address, father’s name and mobile number, is often important personal information, and it is linked to Aadhaar. Minister Ravi Shankar Prasad might say that “anything with which you can be profiled is not there”, but this is factually incorrect: demographic information is used for profiling. This is personal information that is sufficient to identify you for several services. As an example, click here to read how BJP member and current UIDAI member Rajesh Jain, who also runs a digital marketing firm Netcore, talked about using demographic data for targeting for election campaigns.

Written By

Founder @ MediaNama. TED Fellow. Asia21 Fellow @ Asia Society. Co-founder SaveTheInternet.in and Internet Freedom Foundation. Advisory board @ CyberBRICS


MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ
