What Aadhar Data Breach Means To Digital India And Its Citizens


Rachna Khaira, who works for The Tribune wrote a story about how 10 minutes and about Rs. 500 opened a treasure trove of a billion Aadhar records for her. Here is the link to the story. The claims are being verified. Meanwhile, the government has filed an FIR against the journalist, which is also debatable. The newspaper journalist has claimed to buy Aadhaar details from anonymous sellers on WhatsApp. The UIDAI has filed a police complaint against the data breach even though it has denied that data had been compromised. An RBI study says Aadhar is a single target for cyber criminals.

The recent case of Yahoo and its data breach comes to mind, in which 1.5 billion user accounts got jeopardized in one of the biggest data breaches ever in history. The episode wiped off $350 million worth of Yahoo, during the sale to Verizon. Same thing happened with the Uber data breach that was concealed by the company for several years.

Alarm bells ringing post the Aadhar data breach?

No wonder, there are chances that you are feeling vulnerable if you have read about how data was made available for as low as Rs. 500. It’s not every day that critical details like biometrics, schooling details, address, and a number of other records were made available online, for as low an amount as Rs. 500. The human factor in cyber security is of utmost importance. Risky cyber security behaviors, attitudes towards cyber security in a business environment, and not paying attention towards these elements result in serious lapses.

Officials from Unique Identification Authority of India (UIDAI) have quite naturally expressed shock and surprise at the episode. Many cyber security experts say the case is one of “national security breach”. For now, the UIDAI has blocked access to the Aadhaar database for 5,000 government officials. Now, access needs has to be authenticated by the biometrics fingerprint of the Aadhaar holder, and only then data will only be visible to that person.

Aadhar data breach a huge setback to Digital India?

A number of questions naturally arise after what could be termed as reportedly one of the biggest data breaches in history. Who is responsible for the data breach: the government, the officials, the data centers, or cyber criminals? What can the Chief Information Officer or the Chief Legal Officer or Chief Security Officer do in such a situation? Does the episode mean and prove that digitization is inherently vulnerable to such data breaches? How justified is the government in threatening criminal and legal action against the reporter journalist? What are the citizens rights in such a situation and what is the recourse?

No doubt, the seriousness of the charges could lead to significant consequences for the digitization of the country. The UIDAI has already been regularly making news for all the wrong reasons. The government must come forward and restore the repeatedly broken trust of its citizens. There must be greater regulation and scrutiny of the growing digital market. The future of cyber security could count on this huge let up for a massive shakeup, one not seen in recent years. Moreover, it is unimaginable that the massive data breach has taken place and revealed. The UIDAI and the Government of India has to answer many such uncomfortable questions.

(Photo Courtesy: Hindustan Times)