Tribune’s reporter Rachna Khaira depicted how anonymous sellers were allegedly providing Aadhaar details for a fee
Days after a report by The Tribune claimed a breach in Aadhaar data, a deputy director of the Unique Identification Authority of India (UIDAI) has registered an FIR against the newspaper and its reporter Rachna Khaira.
In her report, published on January 3, Khaira depicted how anonymous sellers over WhatsApp were allegedly providing Aadhaar details for a fee. The report further mentioned that it just took Rs 500 and 10 minutes for the reporter to get an access to almost every detail of any individual submitted to the UIDAI – including name, address, postal code (PIN), photo, phone number and email.
The FIR – which also names Anil Kumar, Sunil Kumar and Raj, the people contacted during the course of reporting – has been lodged with the Crime Branch’s cyber cell under IPC Sections 419 (punishment for cheating by impersonation), 420 (cheating), 468 (forgery) and 471 (using as genuine a forged document), as well Section 66 of the IT Act and Section 36/37 of the Aadhaar Act.
According to BM Patnaik – who works with the UIDAI’s logistics and grievance redressal department – the FIR states, “An input has been received through The Tribune dated January 3, 2018, that the ‘The Tribune purchased’ a service being offered by anonymous sellers over WhatsApp that provided unrestricted access to details for any of the more than 1 billion Aadhaar numbers created in India thus far.”
“The above-mentioned persons have unauthorisedly accessed the Aadhaar ecosystem in connivance of the criminal conspiracy… The act of the aforesaid involved persons is in violation of (the various sections mentioned in the FIR)… Hence, an FIR needs to be filed at the cyber cell for the said violation,” the complainant added in the FIR.
The Tribune report mentioned, “It took just Rs 500, paid through Paytm, and 10 minutes in which an ‘agent’ of the group running the racket created a ‘gateway’ for this correspondent and gave a login ID and password. Lo and behold, you could enter any Aadhaar number in the portal, and instantly get all particulars that an individual may have submitted to the UIDAI (Unique Identification Authority of India), including name, address, postal code (PIN), photo, phone number and email.”
In a letter to The Tribune’s Editor-in-chief, the UIDAI’s Chandigarh regional office asked if it “was at all possible for your correspondent to view or obtain Fingerprints and Iris scan of any person through the aforesaid access to UIDAI portal” and “how many Aadhaar numbers did the correspondent actually enter through the said login user id and password and whom did those Aadhaar numbers belong to”.
Refuting claims of the report soon after it got published, the UIDAI in an official statement stated that there “has not been any Aadhaar data breach”.
“The Aadhaar data, including biometric information, is fully safe and secure. There has not been any data breach of the biometric database, which remains fully safe and secure with the highest encryption at UIDAI and a mere display of demographic information cannot be misused without biometrics,” it said.