by Sruthi V S
The agriculture ministry of the Andhra Pradesh has exposed Aadhaar of thousands of farmers on their website. Baptiste Robert, a French security researcher who goes by Elliot Alderson on Twitter, pointed out the leak Tuesday. Along with Aadhar details, the database reveals other details such as the name, father’s name, mobile number, village name, and caste. According to the Economic Times, the database was available through a simple Google Search and is still live.
Due to your negligence, the #Aadhaar numbers of thousands of farmers are available publicly on the web. Can you contact me in private to fix this critical issue ASAP.
— Elliot Alderson (@fs0c131y) May 28, 2019
Alderson has also revealed the Aadhaar leak by government company Indane in February 2019. He found that the name, address, and Aadhaar numbers were exposed and around 6.7 million Indane customers were affected. Similarly, in July 2018, the personal data of more than 23,000 farmers were leaked by the AP government. These were the farmers who received subsidies from the Andhra Pradesh Medicinal and Aromatic Plant Boards. Personal information including farmers’ phone numbers, Aadhaar numbers, fathers’ names, passbook, bank account details, district and mandals were accessible simply by entering their phone numbers in the database.
Previous leaks by the Andhra Pradesh
- In April 2019, 7.8 crore Aadhaar records from Andhra Pradesh and Telangana were found on the hard disks of IT Grids Pvt Ltd, which operates the Telegu Desam Party’s Sevamitra app. An FIR was lodged by UIDAI against the IT Grids Pvt Ltd. The Forensic investigation by Telangana State Forensic Laboratory (TSFL) found that IT Grids stored Aadhaar data of even people outside of India on the Amazon Web Service Cloud.
- In August 2018, Andhra Pradesh’s Commissionerate of College Education leaked personal data of students enrolled in government colleges in 13 districts. The data included name, caste, religion, Aadhar, college name, course name, etc belonging to over 64,000 past and present students.
- In June 2018, the AP government portal exposed data of upto 4.5 crore citizens which was collected for its Praja Sadhikharna Survey or Smart Pulse Survey of citizens. The data collected was seeded with Aadhar number, so details including name, phone numbers, addresses, insurance status were accessible with just Aadhaar number only.
- The same month, it was found that an AP government public website was tracking state-run government ambulances. It displayed real-time location of ambulances which was accessible to anyone with an internet connection to monitor and obtain sensitive information.
- The Reproductive and Child Health department leaked Aadhar numbers of women in April last year. The reproductive history from pregnancy to its conclusion and vaccination of infants could be publicly accessed on the portal.
- The same month, a government website leaked the data of individuals which includes Aadhaar number, bank-branch, IFSC code, account number, address, phone number, ration card number, occupation, religion and caste information.
Our coverage of the leaks by Andhra Pradesh are here.