The Government of India Leaked Personal Data of 135 Million Citizens

Indian Internet and Society Studies Center (The Centre for Internet and Society, CIS) has warned that from the state database flowed in AADHAAR number network, which is assigned to nationals system UIDAI (Unique Identification Authority of India, the Agency India's unique identification). This database is considered to be the largest biometric database in the world because it contains data from more than a billion people. Identification is based on personal data, fingerprints, and photographs of the iris. 



According to the Center for Internet and Society, the leak did not occur as a result of the attack and not because of a vulnerability in the system. The blame for the incident lies with the government agencies that govern this vast array of data and work with it. In particular, the report referred to the National Social Assistance Program (National Social Assistance Programme), the National Employment Guarantee System (National Rural Employment Guarantee Scheme), a similar regional program known as Chandranna Bima, as well as portal Daily Online Payment Reports under NREGA, which supports the National Informatics center. 

Report of The Centre for Internet and Security states says,

Since its inception in 2009, the Aadhaar project has been shrouded in controversy due to various questions raised about privacy, technological issues, exclusion and security concerns.
In the last month, there have been various reports pointing out instances of leakages of Aadhaar number through various databases, accessible easily on Twitter under the hashtag #AadhaarLeaks. Most of these leaks reported contain personally identifiable information of beneficiaries or subjects of the leaked databases containing Aadhaar numbers of individuals along with other personal identifiers
All of these leaks are symptomatic of a significant and potentially irreversible privacy harm, however we wanted to point out another large fallout of these leaks, those that create a ripe opportunity for financial fraud. For this purpose, we identified benefits disbursement schemes which would require its databases to store financial information about its subjects
During our research, we encountered numerous instances of publicly available Aadhaar Numbers along with other personally identifiable information (PII) of individuals on government websites

You can have a look into the detailed report here.

Codes Aadhaar - unique identification number consisting of 12 digits XXXX-XXXX-XXXX format. This identifier is not only stored all the data, including biometric data, as this ID, you can learn about a person almost everything: information about the place of residence, bank accounts, telephone numbers and so on. Currently, AADHAAR codes are used in India everywhere: to obtain government subsidies as identity cards for identification in the workplace, they are used in the national payment system, as well as in everyday life, for example, when buying an SIM-cards or voting at elections. 


CIS experts have warned that the "efforts" of various departments in the past few months in the Internet data flowed more than 135 million people, and the information is easy to find, even on Twitter via the hashtag #AadhaarLeaks. And since the personal data affected can be correlated with their AADHAAR code, attackers have an excellent opportunity to recreate part of the government base and start to construct a very convincing fake identity. CIS experts believe that in the first place after a leak should expect massive financial fraud cases. Also, experts believe that the government should more carefully monitor the use of UIDAI and data of third parties.