Opinion

India In A Digital World Where The Cost Of Sensitive Personal Data Is Just Rs 500

So, it has directed Principal Entities including banks, telemarketers to fulfill the regulatory requirements before March 31, 2021 to avoid any disruption in the communication with the customers from April 1, 2021. If the banks failed to comply by today, customers will face the OTP-related issue from April 1 onward, on a massive scale nationwide.

Spam Calls, Scam Calls, Data Breach and Banking

India into a Digital World where the cost of our sensitive personal data is Rs. 500 - Digpu News

“Data Breach”, probably a term that we were not familiar with before the interlinkage between our Bank Accounts, PANs, Aadhars and Mobile numbers but has been widely used since then.

  • Rs 500, 10 minutes, and you have access to billion Aadhaar details, January 2018

On January 05, 2018, the Tribune “purchased” a service being offered by anonymous sellers over WhatsApp that provided unrestricted access to details for any of the more than 1 billion Aadhaar numbers created in India by then. It took just Rs 500, paid through Paytm, and 10 minutes in which an “agent” of the group running the racket created a “gateway” for this correspondent and gave a login ID and password. Lo and behold, you could enter any Aadhaar number in the portal, and instantly get all particulars that an individual may have submitted to the UIDAI (Unique Identification Authority of India), including name, address, postal code (PIN), photo, phone number and email.

However, there was more. The Tribune team paid another Rs 300, for which the agent provided “software” that could facilitate the printing of the Aadhaar card after entering the Aadhaar number of any individual. When contacted, UIDAI officials in Chandigarh expressed shock over the full data being accessed, and admitted it seemed to be a major national security breach. They immediately took up the matter with the UIDAI technical consultants in Bengaluru.

Sanjay Jindal, Additional Director-General, UIDAI Regional Centre, Chandigarh, accepting that this was a lapse, had told The Tribune: “Except the Director-General and I, no third person in Punjab should have a login access to our official portal. Anyone else having access is illegal, and is a major national security breach.”

Investigations by The Tribune had revealed that the racket may have started around six months ago, when some anonymous groups were created on WhatsApp. These groups targeted over 3 lakh village-level enterprise (VLE) operators hired by the Ministry of Electronics and Information Technology (ME&IT) under the Common Service Centers Scheme (CSCS) across India, offering them access to UIDAI data.

CSCS operators, who were initially entrusted with the task of making Aadhaar cards across India, were rendered idle after the job was withdrawn from them. Then the service was restricted to post offices and designated banks to avoid any security breach.

Spotting an opportunity to make a quick buck, more than one lakh VLEs were suspected to have gained this illegal access to UIDAI data to provide “Aadhaar services” to common people for a charge, including the printing of Aadhaar cards. However, in wrong hands, this access could provide an opportunity for gross misuse of the data.

The hackers seemed to have gained access to the website of the Government of Rajasthan, as the “software” provided access to “aadhaar.rajasthan.gov.in”, through which one could access and print Aadhaar cards of any Indian citizen. However, it could not be ascertained whether the “portals” were genuinely of Rajasthan, or it was mentioned just to mislead.

Sanjay Jindal said all of this could be confirmed only after a technical investigation was conducted by the UIDAI.

  • In an Embarrassing Incident, TRAI Chief’s Personal Details Were Leaked After He Shared His Aadhaar Number in Challenge to Hackers, July 2018

In another embarrassing incident for the Government that claims to be protecting out sensitive data with the highest security, Telecom Regulatory Authority of India (TRAI) chairman RS Sharma was left in an awkward situation in July 2018, after he shared his 12-digit Aadhaar number on Twitter and issued a challenge to show that how mere knowledge of the number could be misused. Hours later, his personal details like PAN number and alternative phone number were put out in public domain by hackers triggering a debate on Aadhaar data security.

The challenge by Sharma had got 577 retweets, and 745 likes by late evening.

The tweet was sent as a reply to one @kingslyj’s post at around 1.45 pm. By 6 pm, however, French security expert and Aadhaar critic, who goes by the nickname Elliot Alderson on Twitter, in a series of tweets had revealed the mobile number linked to the Aadhaar number. Soon, Sharma’s PAN number, alternative phone number, email ID, the phone he was using, his WhatsApp profile pic and some other sensitive data was out in the open.

“People managed to get your personal address, DoB and your alternate phone number. I stop here, I hope you will understand why make (sic) your Aadhaar number public is not a good idea,” Alderson wrote.

Previous page 1 2 3 4 5Next page
Show More

Farzan Bashir

Farzan Bashir is a postgraduate in Law from Kashmir. Though he is qualified for the legal field, it is writing where he More »

Leave a Reply

Your email address will not be published. Required fields are marked *

Advertisment
Back to top button