It revealed a person's bank account number, branch, father’s name, address, religion and caste, among other personal details.
New Delhi: The Unique Identification Authority of India (UIDAI), the body that governs Aadhaar, has been claiming that Aadhaar data cannot be breached or misused. However, contrary to the UIDAI's claims, sensitive data containing details such as religion and caste of 1.34 lakh Aadhaar card holders was reportedly leaked from the Andhra Pradesh State Housing Corporation website.
The leaked data was part of a list titled ‘Beneficiary Details belonging to Entry Report for Scheme Hudhud’ on the website.
The data leak clearly revealed details such as a person's Aadhaar number, bank branch, IFSC code, account number, father’s name, address, Panchayat, mobile number, ration card number, occupation, religion and caste, on a live website.
The leak was reported by a cybersecurity researcher Srinivas Kodali.
“The UIDAI may not be doing it, but other government departments are. And the AP housing corporation website is proof. The UIDAI has no idea what information is being linked to the unique ID,” Kodali said.
"It is not illegal to collect data under the act but making it public is prohibited. Also, at the bottom of the website, the AP government has put in a disclaimer, which says, nobody is responsible if data is leaked, and no official can be penalised,” Kodali added.
According to an NDTV report, the Andhra Pradesh government said that it adheres to the rules and regulations of the Aadhaar Act 2016 and the orders from the Hon'ble Courts in the context of data privacy. "We are investigating into this report and once we understand the full situation we will update you," the government said.
On Wednesday, a five-judge Constitution bench headed by Chief Justice Dipak Misra, was hearing a clutch of petitions challenging Aadhaar and its enabling 2016 law.
The top court raised questions over the government's decision ordering mandatory seeding of mobile numbers with Aadhaar and said its earlier order on mandatory authentication of the users was used as a "tool".