More than 200 central and state government websites publicly displayed details such as names and addresses of some Aadhaar beneficiaries, the Unique Identification Authority of India has said.
In response to an RTI query, the Aadhaar-issuing body said it had taken note of the breach and got the data removed from those websites. It, however, did not specify when the breach took place.
It said Aadhaar details have never been made public from/by UIDAI.
“However, it was found that approximately 210 websites of Central and State government departments, including educational institutes, were displaying the list of beneficiaries along with their name, address, other details and Aadhaar numbers for information of general public,” it said.
The Centre is in the process of making Aadhaar mandatory to grant benefits of various social service schemes.
“UIDAI has a well-designed, multi-layer approach and a robust security system in place and the same is being constantly upgraded to maintain the highest level of data security and integrity,” the RTI reply said.
The architecture of the Aadhaar ecosystem has been designed to ensure data security and privacy which is an integral part of the system from the initial design to the final stage, it said.
“Various policies and procedures have been defined, these are reviewed and updated continually thereby appropriately controlling and monitoring any movement of people, material and data in and out of UIDAI premises, particularly the data centres,” the UIDAI said.
It said security audits are conducted on a regular basis to further strengthen security and privacy of data. Besides this, all possible steps are taken to protect the data, the authority said.
