India denies breach of its billion-strong 'Aadhaar' ID system
Journo who bought data has been named in police complaint
The Unique Identification Authority of India (UIDAI) has refuted claims the country's Aadhaar identification system was hacked as “clearly a case of misreporting being incorrect and misleading”, but has also filed a police complaint against the journalist who reported a breach.
Last week, Indian Tribune journalist Rachna Khaira wrote that she was able to pay for access to the Aadhaar data trove, which stores data - including biometrics - on over a billion Indian citizens.
Khaira uncovered what appears to be an abuse of insider access to the Aadhaar admin systems. For 500 rupees (US8.00), Khaira wrote she was able to get a source to create an Aadhaar gateway for her, and for another 300 rupees the contact provided software to print Aadhaar cards.
The complaint by the Identification Authority of India (UIDAI) was confirmed to The Indian Express by joint commissioner of police Alok Kumar.
As well as Khaira, the complaint named Anil Kumar, Sunil Kumar and Raj as being of interest to the investigation.
The Indian Express quoted the complaint (referred to as an FIR, First Information Report) as saying “The above-mentioned persons have unauthorisedly accessed the Aadhaar ecosystem in connivance of the criminal conspiracy… The act of the aforesaid involved persons is in violation of (the various sections mentioned in the FIR)… Hence, an FIR needs to be filed at the cyber cell for the said violation.”
UIDAI has issued a statement [PDF] saying it's not shooting the messenger. Rather, it claimed, in making its police report it was obliged to identify “everyone who is an active participant in the chain of the events leading to commission of the crime, regardless whether the person is a journalist or anyone else, so that police can conduct proper investigation”, and that this “does not necessarily mean that everyone mentioned in the FIR is a culprit”.
The controversial Aadhaar identity system suffered a 137 million-record leak last May. ®
Sponsored: Becoming a Pragmatic Security Leader