However, UIDAI says that mere leakage of Aadhaar number not a security concern and that citizens’ biometrics data is safe.
An investigation by The Tribune has found that details of any of the about billion Aadhaar numbers issued in India can be accessed for as little as Rs 500. The report says that that the racket could have started six months ago over anonymous WhatsApp groups.
For Rs 500, The Tribune purchased a service being offered over Whatsapp. The newspaper's reporters claim that within 10 minutes, they had access to all details any individual had provided to the UIDAI. An “agent” provided them a login and password to a portal with all the data.
The report added that for another Rs 300, the “agent” had given them a software that facilitates printing of Aadhaar cards with just the Aadhaar number.
In a statement, the UIDAI dubbed the report as a case of misreporting and said individuals’ Aadhaar data, including biometric information, was “fully safe and secure”.
The UIDAI said that it provides a grievance redressal search facility to designated personnel, which gives only limited access to name and other details but not to crucial data such as biometric details.
"The reported case appears to be instance of misuse of the grievance redressal search facility. As UIDAI maintains complete log and traceability of the facility, the legal action including lodging of FIR against the persons involved in the instant case is being done."
The UIDAI also said that the Aadhaar number is not a secret number and is meant to be shared with authorized agencies. “Also, mere availability of Aadhaar number will not be a security threat or will not lead to financial/other fraud, as for a successful authentication fingerprint or iris of individual is also required.”
However, The Tribune report quoted Sanjay Jindal, Additional Director-General, UIDAI Regional Centre, Chandigarh, as saying that login access to the official Aadhaar portal is provided to only top-ranking officials and that any illegal access could be a “major national security breach”.
The official added that the matter had been taken up with the UIDAI technical consultants in Bengaluru.
The report comes amid a government drive to have citizens link their Aadhaar numbers to virtually all government documents and produce it to obtain services.This even as the government has been under pressure from both courts -- a number of cases have been against the government's decision to make Aadhaar mandatory for various use cases -- and members of civil society.