Technology

Thousands of Aadhar numbers leaked due to negligence of Indian state government

Owing to a security error, the Indian state government might have leaked thousands of Aadhar numbers.

As per the report by TechCrunch, the web system which was used for marking the attendance of government employees in Jharkhand was shockingly left without no security measure whatsoever since 2014. In simple words, there was no password check for the web system, therefore allowing anyone to access the name, job title and phone numbers of 166,000 government employees.

Furthermore, the uploaded image file of the employees used Aadhar number as file name, which is a confidential 12-digit number each Indian citizen. These numbers aren’t strictly confidential but are treated similarly to social security number. These Aadhar numbers can be used to verify the identity of the owner in order to enroll in state services, like voting, welfare or financial assistance.

So it holds paramount importance for the Indian citizen and, unfortunately, for those 166,000 government employees that their Aadhar number can now be used for malicious purposes. According to the security researcher, Robert Bapsite, the data on the website can be easily accessed with simple Python codes. Surprisingly, the no one from the Jharkhand government or UIDAI commented on this security breach.

Previously, The Tribune reported that sensitive data regarding the employees could be accessed by paying INR 500, UIDAI, however, denied the report. Fortunately for those Indian citizens, the central database (controlled by the Unique Identification Authority of India or UIDAI) hasn’t been affected by the incident to a great extent.

It’s still unclear why the Jharkhand government site had no security checks and was basically accessible to anyone who knew where to look for. Sadly, little effort had been put in to ensure and implement a robust security system or to at least hide it from the outside world which was evident from the fact that “The Tribune” reported the issue a while back but was outrightly denied by the government.

This is somewhat similar to a data breach that occurred in Pakistan more than a year ago, where Punjab Information Technology Board was found responsible for exposing the privacy of thousands of Pakistani individuals. Basically, those with very basic computer knowledge could access the exposed directory.

They could access and download/dump dozens of GBs of the private data that included personal information such as CNIC numbers, Front and Back of CNICs, Scanned copies of all the educational degrees, work experience, CVs and more. The main reason for this security breach as per PITB was a server upgrade which prompted a bug that resulted in the data breach.

Sponsored
Abdul Wahab

Share
Published by
Abdul Wahab

Recent Posts

Itel S25 Ultra Fails Durability Test, Raising Concerns

The Itel S25 series, known for its durability and affordability, recently faced scrutiny during a…

2 mins ago

WhatsApp Will No Longer Work on Older Android Phones Starting January 2025

WhatsApp has officially confirmed that, beginning January 1, 2025, it will end support for Android…

6 mins ago

Rs158 Billion Spent on Importing Mobile Phones to Pakistan in the Last Five Months

According to data from the Pakistan Bureau of Statistics (PBS), Pakistan imported mobile phones worth…

2 hours ago

EU Concerns Over Pakistan’s Military Court Sentences May Impact GSP+ Trade Benefits

The European Union (EU) has expressed concern over the recent convictions of 25 civilians by…

2 hours ago

SBP Announces December 25 as a Bank Holiday

The State Bank of Pakistan (SBP) has officially declared Wednesday, December 25, 2024, as a…

3 hours ago

Greentree Holdings Ltd Aims for 35% Stake in TRG Pakistan

AKD Securities, the manager of the offer, informed the main stock exchange on Monday that…

3 hours ago