In what could be considered an embarrassment for the Andhra Pradesh government, an independent researcher has highlighted two cases in two days of Aadhaar details of citizens being leaked online.
A day after it came to light that the state government potentially made public the Aadhaar data of at least 1.34 lakh citizens of the state, another instance has surfaced.
Taking to Twitter, Aadhaar whistleblower Srinivas Kodali put out screenshots that suggested that the Unique Identity Number (UID) numbers of 89,38,138 MNREGA (Mahatma Gandhi National Rural Employment Guarantee Act) beneficiaries had been compromised on the website of the Andhra Pradesh Benefit Disbursement Portal.
"Website maintained by $100 billion company TCS along with another government department. Reported to security agencies. Question: where is the UIDAI bug reporting mechanism?" Srinivas tweeted.
Speaking to TNM, Srinivas said, “The portal was being managed by APOnline, which is a joint venture between the state government and Tata Consultancy Services (TCS). It is not like they didn't have the capacity, as they hired engineers from a private company.”
Srinivas also lamented that there are no proper mechanisms to report bugs.
"When a bug is reported, there is no proper mechanism in place to acknowledge the mistake. What are they doing about it? Until they change this, these leaks will continue to happen," he added.
After Srinivas reported the bug, the portal began masking the Aadhaar numbers.
Another day, yet another #Aadhaar data leak of 89,38,138 MNREGA workers. Website maintained by $100 billion company TCS along with another government department. Reported to security agencies. Question: where is the UIDAI bug reporting mechanism? pic.twitter.com/0L4K2YUyl1
— Srinivas Kodali | శ్రీనివాస్ కొడాలి (@digitaldutta) April 26, 2018
Website was Andhra Pradesh Benefit Disbursement Portal. They have started masking #Aadhaar numbers now. pic.twitter.com/fPJqDrFxHF
— Srinivas Kodali | శ్రీనివాస్ కొడాలి (@digitaldutta) April 26, 2018
This came just a day after the Aadhaar data of at least 1.34 lakh citizens in the state was compromised, along with other details like their religion, caste and bank details.
The names were part of a list titled ‘Beneficiary Details belonging to Entry Report for Scheme Hudhud’ and were available on the website of the Andhra Pradesh State Housing Corporation.
The page clearly showed the name of the person’s father, address, panchayat, mobile number, ration card number, occupation, religion, caste, Aadhaar number, along with other details including bank details like bank branch, IFSC code, and account number.
This was in conflict with the Unique Identification Authority of India's (UIDAI) stand, where it said that it does not link any of these details with the Aadhaar number.