wordpress blog stats
Connect with us

Hi, what are you looking for?

Questions that the leakage of Aadhaar details on 210 websites raises about the UIDAI

The UIDAI has admitted in response to an RTI that 210 government websites publicly displayed names, addresses of Aadhaar users, reports PTI.

Much of this data was online and easily available for months and CIS India had determined that data for at least 130 million people had been leaked online by government departments, for only 4 sites. A separate MediaNama aggregation had listed around 12 other government sites. A few questions then for the UIDAI:

1. Why was there no proactive disclosure about the fact that 210 government websites had published personal, identification details of Individuals?
2. Data for how many individuals had been published online? Did the UIDAI do any analysis to assess the number of people affected by this leak?
3. Were each of the individuals, whose data had been leaked, informed about the data leaks, as should be the case with responsible disclosure of leaks of personal information?
4. Given that Aadhaar is a permanent number, and were these people offered new Aadhaar numbers, now that their data has been compromised?
5. How many cases have been registered by the UIDAI against specific government officials/departments for illegal publishing of Aadhaar numbers online? This is a clear violation of the Aadhaar Act and its rules:


  • “The Aadhaar number of an individual shall not b e published, displayed or posted publicly by any person or entity or agency.
  • “Any individual, entity or agency, which is in possession of Aadhaar number(s) of Aadhaar number holders, shall ensure security and confidentiality of the Aadhaar numbers and of any record or database containing the Aadhaar numbers.”
  • “…no entity, including a requesting entity, which is in possession of the Aadhaar number of an Aadhaar number holder, shall make public any database or record containing the Aadhaar numbers of individuals, unless the Aadhaar numbers have been redacted or blacked out through appropriate means, both in print and electronic form.”

Instead, what the UIDAI has done is gone after a journalist for exposing flaws in Aadhaar enrolment, and (allegedly) against Sameer Kochhar who said Aadhaar can be hacked. They’ve also sent notices to CIS for their disclosure of Aadhaar leaks.

6. The PTI report says that the UIDAI has said “Aadhaar details have never been made public from or by UIDAI.” This is factually incorrect. Of course, one can’t expect the UIDAI to file an FIR against the UIDAI. So who watches over the antecedents of the UIDAI?
7. What processes does the UIDAI have to proactively monitor the Internet for future disclosures, to ensure that such things don’t happen again?

You May Also Like


The DNA Technology (Use and Application) Regulation Bill, 2019, fails on all three Puttaswamy threshold tests and violates the fundamental right to privacy, according...


By Luca Belli and Nicolo Zingales Recently, WhatsApp pushed an in-app notification requesting users to accept its new privacy policy by February 8, 2021....


The government is not considering to order private companies to delete the driving license and vehicle registration databases that they had purchased from the...


The DNA Technology Regulation Bill, 2019, runs afoul of the right to privacy and will cause “irreversible damage” to individuals’ right to privacy and...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ