Aadhaar Data Breach – How Could It Have Been Mitigated?

Data Security | February 28, 2018

In a previous article of our “Data Breach” series, we identified how 2017 was one of the most devastating years in terms of data breaches, given that it saw a record 45% increase in annual breaches over the previous record in 2016. There were as many as 1,579 breaches within the United States alone in 2017 that exposed nearly 180 million records. Unfortunately, the numbers are far worse when you apply it to the global scale where countless occurrences of breaches have taken place. India, the second most populated country in the world, is one example, out of the many impacted countries, that has suffered significantly due to the recent Aadhaar data breach.

 

What is the “Aadhaar” program?

The Aadhaar program is an initiative of the Indian government, led by PM Narendra Modi, that is intended to bring many of the country’s previously manual and bureaucratic processes into the digital space — with the goal of improving access to vital services, while curtailing corruption and the misappropriation of funds.

The program is an initiative that has been under works for the last seven years and is considered the world’s largest biometric database, with almost 1.2 billion people (approximately 90% of India’s population) registered within the Aadhaar database. The government’s goal was to link citizens to their biometric details and develop a form of identification, especially for rural Indians, which would enable them to access basic services like registering for bank accounts, getting a driver’s license, or receiving various government subsidies. A simple fingerprint or retinal scan would instantly verify the identity of an individual and give them access to government services and, in some instances, private services.

The program has grown from being a voluntary system into one that is a de facto requirement that is essential in performing the most basic tasks. 2017 was a significant year for the program, given that the government enacted sweeping reforms that made it mandatory for banks to link their customers’ Aadhar information to their respective accounts — all accounts that were not linked by December 31st 2017, were terminated. Additionally, even SIM cards will need to be linked to the database before the end of this month (February 2018), or they too will be deactivated.

Now that we have gauged how significant and integrated the Aadhar program is, let’s take a look at where things have gone wrong.

 

What went wrong and how did the Aadhaar data breach take place?

In a scathing sting operation by the Indian newspaper, The Tribune, reporters highlighted how they were able to gain access to personal information within the database in the form of email addresses, phone numbers, and postal codes — all at the negligible cost of $8. The database is reportedly at risk due to the fact that a group of individuals have gained access to the database by using the credentials of former employees who were tasked with making the unique identification “Aadhaar” cards. In fact, the newspaper reported that for another $5, individuals could gain access to the software used to print these unique IDs, which can then be utilised to access various services. Complete identity theft for only $13!

As noble as the intentions behind the Aadhaar program are, which includes alleviating corruption, it appears as though the opposite has taken place. The pre-Aadhaar era was a time where officials and administrators added fraudulent names and records into the country’s various welfare databases, which they would then use to steal funds originally meant for the poor. Now, with the Aadhaar system in place, entire identities can be stolen — risking the financial security and privacy of Indian citizens, while exposing them to greater vulnerability.

In order for the Indian government to recover from the Aadhaar data breach and regain public trust, it will have to deploy technology and systems that will both prevent any future breaches and, in the event of a data breach, protect the identities and information of the one billion people within the system. If the Aadhaar data breach has taught us anything, it is that

 

The IAME way

Our IAME solution is a game-changing concept that strives to transform the identification process, which is where individuals are at risk the most. Our approach comprises a system that fragments the individual pieces of identification data and shares each fragment with a group of third-party validators — who then verify each component assigned to them. The result of this is that the data sharer would be the only person with knowledge and access to all the data in a meaningful way.

With our system in place, even if a database or platform experiences is impacted, in the manner that the Aadhaar data breach took place, the data that is stolen would be practically worthless, given how fragmented it is.

 

If you would like to know more, please visit our Website and read our White Paper. Any feedback, comments, or questions can be asked directly to our team by visiting our Telegram Channel. For updates on IAME, you can follow us on Linkedin, Facebook or Twitter. Stay tuned to our blog series, for more of the latest news in the crypto and blockchain realms.