Home Cybersecurity A Security Breach in India Has Left a Billion People at Risk of Identity Theft

A Security Breach in India Has Left a Billion People at Risk of Identity Theft


Over a billion Indian citizens may be vulnerable to identity theft and intrusions of privacy after a newspaper sting uncovered a security breach in the country’s vast biometric database, which contains the personal data of almost every citizen.

The Tribune newspaper said its reporters were able to access names, email addresses, phone numbers and postal codes by typing in 12-digit unique identification numbers of people in the government’s database, after paying an individual about $8. For another $5, the newspaper said, the individual offered reporters software to print out unique identification cards, called Aadhaar cards, that can be used to access various government services including fuel subsidies and free school meals.

The individual was part of a group that had gained access to the database through former workers who were initially tasked with making the cards, the Tribune reported. Several groups were part of this scheme, the newspaper said. The Washington Post has not independently verified the report.

Extending the biometric ID program, known as Aadhaar — meaning foundation — to every citizen is one of Prime Minister Narendra Modi’s flagship policies in his crusade against corruption. Campaigners say that an Aadhaar card is a way for citizens to prove their identity and access government and financial services. It also is a way to prevent fraud — corrupt officials often add fake names in welfare databases and steal money meant for the poor, they allege.

The Tribune’s finding is the latest in reported privacy breaches, raising concerns about the Indian government’s ability to protect its citizens from hackers. In the past, government websites have accidentally leaked the data of thousands of citizens.

India’s Unique Identification Authority, which oversees the Aadhaar program, said in a statement that “Claims of bypassing or duping the Aadhaar enrollment system are totally unfounded. Aadhaar data is fully safe and secure and has robust, uncompromised security.” Modi’s governing Bharatiya Janata Party tweeted from its official account that the Tribune’s report was “fake news.”

The program has faced deep criticism in India, and the latest development stokes growing privacy fears. Internet campaigner Nikhil Pahwa said in a tweet that campaigners had warned against potential breaches of data for years. “As the usage and linkage of Aadhaar grows, this is going to increase. Bad, bad design,” he wrote.

In August, the Supreme Court ruled that privacy is a fundamental right for Indian citizens. The ruling may affect the government’s efforts to extend the Aadhaar program to cover every citizen.

For months, government officials in India set up registration centers in cities and villages, snapping photographs and taking iris and fingerprint scans of citizens for a single, centrally secured database. In some hospitals, officials say, babies are given 12-digit registration numbers within minutes of being born.

According to Nandan Nilekani, the tech titan who designed the program, enrolling India’s citizens has saved the government billions of dollars. It has won Modi praise from foreign dignitaries. Bill Gates, on a recent visit to India, hailed it as a “12-digit lie detector,” and the World Bank’s chief economist Paul Romer said “it could be good for the world if this became widely adopted.” Delegations from Tanzania, Bangladesh and Afghanistan have visited India to talk about how it could be replicated in their own countries.

Although signing up isn’t mandatory, the Indian government has made Aadhaar registration mandatory for access to many crucial government services. Banks have threatened to freeze accounts if they are not linked with Aadhaar numbers.

In a news report, relatives of a woman said she died after being turned away from a hospital because her family did not have her Aadhaar card. In another case, activists said an 11-year-old girl died because food rations were denied to her because she did not have an Aadhaar card.

Read more:

Biometric identity project in India aims to provide for poor, end corruption

Indians like to pay cash. The government is now forcing them to swipe cards.


This article was written by Vidhi Doshi from The Washington Post and was legally licensed through the NewsCred publisher network. Please direct all licensing questions to legal@newscred.com.



Online Degrees & Certificates In Cybersecurity

American Military University's online cybersecurity programs integrate multiple disciplines to ensure you gain the critical skills and management practices needed to effectively lead cybersecurity missions – from government or private industry. Learn from the leader. American Military University is part of American Public University System, which has been designated by the National Security Agency and the Department of Homeland Security as a National Center of Academic Excellence in Cyber Defense Education.

Request Information

Please complete this form and we’ll contact you with more information about AMU. All fields except phone are required.

Validation message here
Validation message here
Validation message here
Validation message here
Validation message here
Validation message here
Validation message here
Validation message here
Validation message here
Ready to apply? Start your application today.

We value your privacy.

By submitting this form, you agree to receive emails, texts, and phone calls and messages from American Public University System, Inc. which includes American Military University (AMU) and American Public University (APU), its affiliates, and representatives. I understand that this consent is not a condition of enrollment or purchase.

You may withdraw your consent at any time. Please refer to our privacy policy, terms, or contact us for more details.