More than 200 central and state government websites have leaked the personal details of users of India's controversial national ID system – Aadhaar. Under the country's Aadhaar system, every Indian citizen receives a unique 12-digit number – similar to Social Security Numbers in the US – and has his/her biometric and personally identifiable information collected and stored by the government.
In response to a Right to Information (RTI) inquiry, the Aadhaar-issuing body, called the Unique Identification Authority of India (UIDAI), said 210 websites of central and state government departments – including educational institutes – had publicly exposed data of some users, including their names, addresses, Aadhaar numbers and other details.
UIDAI said the data has since been taken down. The agency did not specify how or when the breach took place, or how long the data was exposed on these sites. The agency also did not specify how many citizens' data was compromised in the data leak.
The offending websites have not been identified either.
Aadhaar cards are used as a proof of identity and address anywhere in the country.
The Indian government has made it mandatory for every Indian citizen to get their Aadhaar ID to avail of various social welfare schemes and government services. The government also wants all its citizens to link their Aadhaar IDs to their bank accounts, mobile numbers, insurance policies, PAN (Permanent Account Number) and other services.
Aadhaar is currently the world's largest biometric database and has already collected the iris scans and fingerprints of more than a billion Indians. However, many security experts have voiced serious security and privacy concerns over the system, especially due to the fact that it holds billions of users' sensitive and confidential details.
"UIDAI has a well-designed, multi-layer approach, robust security system in place and the same is being constantly upgraded to maintain the highest level of data security and integrity," UIDAI said in response to the RTI inquiry, the Press Trust of India (PTI) reported.
The agency said it conducts regular security audits as well to ensure that its data is secure.
"Various policies and procedures have been defined, these are reviewed and updated continually, thereby appropriately controlling and monitoring any movement of people, material and data in and out of UIDAI premises, particularly the data centres."
IBTimes UK has reached out to UIDAI for comment and is awaiting a response.