Aadhaar card data continues to be available publicly on the internet, as can be seen from a simple google search for “mera aadhar meri phechan filetype:pdf”. Not only are printable Aadhaar cards available publicly, many results are found on government and private domains that have no business hosting Aadhaar cards to begin with, for example: starcardsindia.com rtionline.gov.in eflupreadmission.verityinfosol.com incois.gov.in and many more.
There are over a thousand results, and another few hundred if you vary the spelling from “pehechan” to “pehachan” or “pehchaan”. As interest grows in this search after being shared on social media several times, Google, which earlier showed 800 results is now showing over a thousand results for this search.
While the government and the UIDAI continue to insist on linking Aadhaar with every service, no matter how irrelevant, these kinds of data leaks cannot be avoided because in a country where government sites can be notoriously ill-designed, the chances of every business authorized to ask for Aadhaar cards—from maternity homes to cremation centers—being secure are negligible. Years after security researchers flagged the issue of Aadhaar numbers and related data being available on government sites, there is no sign of any serious attempt to ensure that data remains outside public domain.
Researchers who tried to keep the leaks confidential in order to protect security, faced intimidation at the hands of the UIDAI, which also insists there was no security breach in the information being public. Now, it appears that people are not interested in risking their own well-being to protect data the UIDAI does not care about, and we see people directly sharing links to vulnerable data.
The UIDAI’s adamant ignorance in keeping sensitive data secure is costing the country in privacy and security of individuals. In the meanwhile earlier searches like “aadhaar name address filetype:xls” continue to reveal Aadhaar details too, despite years of effort to make sensitive information vanish and the decreasing proportion of sensitive files.