AADHAAR, BANK DETAILS OF LAKHS OF PENSIONERS LEAKED ONLINE
NEW DELHI/RANCHI: The digital identities of over a million citizens have been compromised by a programming error that has revealed the names, addresses, Aadhaar numbers and bank account details of the beneficiaries of Jharkhand’s old age pension scheme on a website maintained by the Jharkhand Directorate of Social Security.
Jharkhand has over 1.6 million pensioners, 1.4 million of whom have seeded their bank accounts with their Aadhar numbers to avail of direct bank transfers for their monthly pensions.
These details are now freely available to anyone who logs onto the website, constituting a massive data breach at a time when the Supreme Court, cybersecurity experts and opposition politicians have questioned a government policy to make Aadhaar mandatory to access a variety of government schemes and services.
When HT reporters logged onto the site, they could drill down to get transaction-level data on pension paid into scores of pension accounts.
The publishing of Aadhaar numbers is in contravention of Section 29 (4) of the Aadhaar Act. Earlier this year, the Unique Identification Authority of India (UIDAI) blacklisted an Aadhaar service provider for 10 years for publishing the Aadhaar number of MS Dhoni, former captain of the Indian cricket team.
The authority has also filed at least eight police complaints in the past month against private parties for “illegally collecting” Aadhaar numbers of citizens — information that the Jharkhand government has put now put into the public domain.
UIDAI did not respond to queries sent by HT.
In Jharkhand, officials were sanguine about the breach.
“We got to know about it this week itself. Our programmers are working on it and the matter should be addressed very soon,” said MS Bhatia, secretary, social welfare department, government of Jharkhand.
He declined to comment on the legal implications of publishing this data.
“Will the CEO of UIDAI take any action against the government of Jharkhand for making this dataset public? And if they don’t, does that mean they condone this act?” said Pranesh Prakash, policy director at the Centre for Internet and Society.
The breach, senior Congress leader Jairam Ramesh said, “makes a complete mockery of all that Jaitley and Ravi Shankar Prasad have said in Parliament.”