Local news sites in India are reporting that the government's biggest citizen database, which holds demographic data from roughly 1.2 billion people, has been compromised.
According to BuzzFeed, a local Indian news portal got in touch with a certain person which goes under the pseudonym Anil Kumar via WhatsApp, and paid him roughly $8 to get access to Aadhaar, a centralised government citizen database.
Kumar was able to create unique login credentials which the journalists used to access the database. Allegedly, it holds information like names, addresses, dates of birth, or mobile numbers. Apparently, whoever gets invited into the system by an administrator, can create valid login credentials themselves.
The government agency responsible for the entire system called it a “major national security breach”, however other government sources have denied the claims, saying the database is fully secured.
India’s Narendra Modi-led Bharatiya Janata Party dismissed everything as “fake news”. In a statement provided to BuzzFeed News, the UIDAI said it “denied” the Tribune report and that “Aadhaar data including biometric information is fully safe and secure.” The agency added that the journalists had misused the database search mechanism available only to government officials. It also said it would sue.
The entire Aadhaar system has seen a fair share of critics. Among them is Nikhil Pahwa, editor of Indian technology news website Medianama, which sees Bharatiya Janata Party’s explanations as trying to weasel out of a situation by saying this incident, technically, wasn’t a breach.