The Unique Identity Authority of India’s (UIDAI) regional office in Hyderabad has asked the Telangana and Andhra Pradesh governments to stop uploading property documents to their revenue websites as they were being used to illegally access Aadhaar data, reported the Times of India. An unnamed official told the newspaper that fingerprints recorded with the documents were being stolen and used to acquire SIM cards and generate land documents. Both governments have stopped uploading the documents, the report said.

In another major leak, the Karnataka education department put Aadhaar numbers, mobile numbers and caste details of 5,375 students who bagged the National Means-cum-Merit Scholarship in March on its website, reports TOI. It said the Aadhaar and mobile numbers were taken down after it alerted UIDAI officials in Bengaluru but the caste details remained online.

FIR against IT Grids, developers of TDP’s Sevamitra app

On Monday, we reported that 7.8 crore Aadhaar records from Andhra Pradesh and Telangana were found on the hard disks of IT Grids Pvt Ltd, which operates the Telugu Desam Party’s Sevamitra app. The Cyberabad police last week lodged an FIR against IT Grids’ management, based on a complaint filed by the UIDAI’s Hyderabad office. The complaint and FIR noted that the IT Grids’ possession of extensive Aadhaar data likely meant that the data was sourced from either the Central Identities Data Repository (CIDR) or the State Resident Data Hub (SRDH). The investigation revealed that the structure and size of the database, and the fact that the database contained Aadhaar Enrolment IDs (EIDs), strengthened this suspicion.

Forensic investigation by the Telangana State Forensic Science Laboratory (TSFSL) found that IT Grids’ stored Aadhaar data of crores of people outside India, on the Amazon Web Services cloud. The FIR alleged that this may have exposed sensitive Indian data and compromised national security.

Previous Aadhaar data leaks in Andhra Pradesh

  • In August 2018 the Commissionerate of College Education, Andhra Pradesh, leaked the personal data, including Aadhaar numbers, of over 64,000 past and present students. MediaNama was able to access the information. One of the exposed datasets showed personally identifiable information of individuals, including details such as caste, gender, Aadhaar, the course they were enrolled in, college name, district etc. The data belonged to degree students enrolled in government colleges across all 13 districts in the state.
  • In June 2018, the Andhra Pradesh government exposed details of up to 4.5 crore citizens — phone numbers, insurance status, and home addresses — on a portal accessible with only an Aadhaar number.
  • The same month, an unsecured Andhra Pradesh government website exposed the names and numbers of every person who purchased medicines, including those who bought Suhagra (a medicine for erectile dysfunction) from government-run stores. A dashboard on the Anna Sanjivini website allowed anyone with an Internet connection to access details including the names and phone numbers of every person who bought medicines from every such store.
  • In April 2018, Andhra Pradesh government website leaked data of individuals including Aadhaar number, bank branch, IFSC code and account number, father’s name, address, gram panchayat, mobile number, ration card number, occupation, religion and caste information.
  • The same month, it was found that other Andhra Pradesh government websites were leaking Aadhaar numbers of women, their reproductive history from pregnancy to delivery, whether they had had an abortion, and so on.