Aadhaar Security Fail

India's Aadhaar biometric database contains the records of over 1.1 billion Indians. Given the scale of this database, the breaches and leaks of personal data have also been massive. Potentially every single one of the 1.1 billion people enrolled in Aadhaar could have been affected by multiple breaches and leaks. Similarly, we have seen cases where it's possible to add additional, fake records to the database. The UIDAI - the authority that runs the Aadhaar scheme and the database - claims that, in actual fact, the central database has never been breached. However, there have been numerous examples of ways in which the data held by the UIDAI has leaked: through faulty access-points run by third parties, or through the use of patched enrollment software. Many of these are linked to decisions made in the design of the system, including the design of enrollment and the push to encourage its use across the public and private sectors.

Tools to access the entire database were circulating in WhatsApp groups for as little as 500 rupees (USD 7). This has left millions of Indians open to a broad range of frauds: given the ubiquity of the use of Aadhaar in the public and private sector, the possibilities of abuse are growing. It also affects vulnerable people in society: the fear that their personal details will be breached has led people to avoid seeking treatment for HIV/AIDS, for instance.