A journalist from the Tribune was able to purchase unrestricted access to the Aadhaar database for as little as Rs 500, according to a report from the publication. This access allowed the journalist to get details of Name, Address, PIN code, photo, phone number and email. For another Rs 300, the Tribune team was given software for printing an Aadhaar card, after entering the Aadhaar number for anyone. The journalist was made an Enrolment Agency Administrator for CSC SPV, apparently without any checks. The story quotes Sanjay Jindal, Additional Director-General, UIDAI Regional Centre, Chandigarh, as saying that this is a national security breach. These groups targeted Village Level enterprise operators who were given access to the UIDAI data via Common Service Centres, for enrolment work. Those providing access did so via aadhaar.rajasthan.gov.in, but it's not clear whether that is truly the case. We've written to UIDAI CEO Ajay Bhushan Pandey for comments and will update when we hear from him. We've sent the following questions to him: 1. How many Village Level Enterprises were given access to the Aadhaar database? 2. What practices are/were followed in order to ensure that access is given only to personnel authorised by the UIDAI? 3. Do CSCs or VLEs have the ability to give database access to third parties without the UIDAI's permission or knowledge? What processes are in place to prevent this? 4. Does each VLE have access to the entire aadhaar database or only parts of it? Is the data in silos…
