NEW DELHI, (Reuters) –India’s biometric ID programme, Aadhaar, has been hit by another major security lapse, allowing access to private information, business technology news website ZDNet reported on Saturday.
A data leak on a system run by a state-owned utility company can allow access to private information of Aadhaar holders, exposing their names, their unique 12-digit identity numbers, and their bank details, ZDNet said.
Even though the security lapse had been flagged to some government agencies over a period of time, it has yet to be fixed. ZDNet said it was withholding the name of the utility and other details.
Karan Saini, a New Delhi-based security researcher, said that anyone with an Aadhaar number was affected.
“This is a security lapse. You don’t have to be a consumer to access these details. You just need the Uniform Resource Locator where the Application Programming Interface is located. These can be found in less than 20 minutes,” Mr Saini told Reuters.
Vikas Shukla, spokesman for the Unique Identification Authority of India (UIDAI), which runs the Aadhaar programme, said the agency would issue a statement later on Saturday.
