Can Aadhaar card data be misused to open bank accounts?

Can your Aadhaar Card data be misused by fraudsters to open bank accounts? Don’t worry! Aadhaar Card holders often ask what will happen if a fraudster obtains a copy of their Aadhaar and tries to open a bank account in their name without their knowledge. People have raised apprehensions about whether they would be harmed. The Unique Identification Authority of India (UIDAI), the nodal authority for issuing Aadhaar, claims that Aadhaar Card data is completely safe and secure.

UIDAI has clearly stated that one cannot open a bank account merely by presenting or submitting a physical Aadhaar Card or its photocopy. As per the Prevention of Money-laundering (Maintenance of Records) Rules, 2005, and Reserve Bank of India circulars, a bank must go through a certain process of security checking. The process requires banks to perform verification through either biometric data or OTP authentication. Apart from this, there is other due diligence that the bank needs to carry out before the Aadhaar Card can be accepted for banking transactions or KYC, says UIDAI. So as per the rules, no fraudster can open a bank account in your name using your Aadhaar Card details without verification through biometric or OTP.

However, if someone manages to open an account in a bank using your Aadhaar Card details without biometric or OTP authentication and other verification, then the bank will be held responsible for the loss, says UIDAI.

If you are still not sure about the security of your Aadhaar Card, then UIDAI provides another option for the verifiable 12-digit identification number. The Masked Aadhaar card is a viable option if you want to secure your Aadhaar Card details. While downloading Aadhaar Card details, you can opt for the safer option of a Masked Aadhaar card. This Masked Aadhaar Card only shows the last 4 digits of the 12-digit Aadhaar number. So, instead of carrying a physical copy of your Aadhaar Card or a photocopy, it is advisable to have a Masked Aadhaar card, which is less likely to be misused if it is misplaced or stolen. However, the Masked Aadhaar card does display other key details such as photograph, smart QR Code and demographic info.
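The same rule (only the last 4 of the 12 digits stay visible) can be applied to stored text and logs. This is an added example, not UIDAI code: it finds 12-digit candidates, keeps only those that pass the Verhoeff check digit that Aadhaar numbers carry, and masks them. The function names, the `XXXX XXXX` output format and the sample text are assumptions constructed for illustration.

```python
import re

# Verhoeff tables: D is multiplication in the dihedral group D5,
# P is the position-dependent permutation, INV the group inverse.
D = [list(map(int, r)) for r in (
    "0123456789 1234067895 2340178956 3401289567 4012395678 "
    "5987604321 6598710432 7659821043 8765932104 9876543210").split()]
P = [list(map(int, r)) for r in (
    "0123456789 1576283094 5803796142 8916043527 "
    "9453126870 4286573901 2793806415 7046913258").split()]
INV = [0, 4, 3, 2, 1, 5, 6, 7, 8, 9]

def _fold(digits: str, start: int) -> int:
    """Run the Verhoeff recurrence over the digits, right to left."""
    c = 0
    for i, ch in enumerate(reversed(digits), start):
        c = D[c][P[i % 8][int(ch)]]
    return c

def verhoeff_ok(num: str) -> bool:
    """True if the digit string ends in a valid Verhoeff check digit."""
    return _fold(num, 0) == 0

def check_digit(prefix: str) -> str:
    """Check digit to append to `prefix` (used here only to build test data)."""
    return str(INV[_fold(prefix, 1)])

# 12 digits, optionally grouped 4-4-4 with spaces or hyphens,
# and not part of a longer run of digits.
CANDIDATE = re.compile(r"(?<!\d)\d{4}[ -]?\d{4}[ -]?\d{4}(?!\d)")

def mask_aadhaar(text: str) -> str:
    """Mask checksum-valid 12-digit numbers, keeping only the last 4 digits."""
    def repl(m: re.Match) -> str:
        digits = re.sub(r"\D", "", m.group())
        if not verhoeff_ok(digits):
            return m.group()  # fails the checksum (e.g. a ticket id): leave as is
        return "XXXX XXXX " + digits[-4:]
    return CANDIDATE.sub(repl, text)

# Constructed sample data: a made-up number with a computed check digit,
# next to a 12-digit ticket id that fails the checksum.
DEMO_UID = "23456789012" + check_digit("23456789012")
SAMPLE = (f"KYC upload for customer 8841: Aadhaar {DEMO_UID[:4]} "
          f"{DEMO_UID[4:8]} {DEMO_UID[8:]}, ticket 123456789012")

if __name__ == "__main__":
    print(mask_aadhaar(SAMPLE))
```

The checksum test keeps other 12-digit identifiers intact, but roughly one in ten random 12-digit strings will still pass it, so treat the output as redaction on a best-effort basis.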

Aadhaar Data of More Than 2 Crore Punjab Residents Found on Hard Disks



The ongoing investigation by the Special Investigation Team (SIT) into the Aadhaar data theft of around 7.82 crore people residing in Telangana and Andhra Pradesh has led to the discovery of a hard disk containing the Aadhaar data of 2 crore Punjab residents, according to a report in The Tribune.

The hard disk containing the data has been recovered from a Hyderabad-based IT company, IT Grids (India) Pvt Ltd, and a case has consequently been registered against it for unlawfully possessing the Aadhaar data of 7.8 crore residents and exploiting the same. The company is also known for building the official TDP app, "Seva Mitra".

With the further discovery of 2 crore Aadhaar data records, the breach, which was initially estimated at around 7.8 crore, went up to 9.8 crore. The investigating agency is looking into the obvious question that arises: why would a Hyderabad-based IT company want to store Aadhaar data of Punjab residents? Notably, the Unique Identification Authority of India (UIDAI) has already reasserted the secure condition of its data servers. Though UIDAI stood firm on the security of its servers, the police seemed to have a contrasting opinion and filed a case in which the theft of Aadhaar data has been proven scientifically.

Defending its stand, the UIDAI said, “Mere possession and storage of Aadhaar numbers of people, though it may be an offense under the Aadhaar Act under some circumstances, does not put the Aadhaar holders under any harm in any manner whatsoever. For accessing any Aadhaar-based service, biometrics or one-time password (OTP) is also needed.”


Indian state-owned gas agency leaked 6 million Aadhaar Numbers






A French ethical hacker claims to have found a vulnerability on the website of Indane, the Indian state-owned gas agency, which has exposed nearly 6 million Aadhaar numbers of dealers, customers and distributors.

Elliot Alderson wrote a blog post on 18 February in which he detailed how he was alerted, through a private message, to a vulnerability on a web portal meant for local dealers. The exposed data includes names, Aadhaar numbers and addresses of the customers.

The cyber security researcher looked at Indane's Android app, where he found a “Locate Your Distributor” feature that lets you find the ids of the dealers of the corresponding “bgadistrict”. With the dichotomy method he was able to easily find the ids of all the dealers in 714 bgadistrict.

"Great, time to code! We have everything we need to get the size of this leak. Thanks to the endpoint found in the Android app, we will obtain all the valid dealer ids and then we will scrape all the “Total records” in the local dealer portal," Alderson wrote.

He wrote a Python script and executed it, which fetched him 11062 valid dealer ids. "After more than 1 day, my script tested 9490 dealers and found that a total of 5,826,116 Indane customers are affected by this leak."

"Unfortunately, Indane probably blocked my IP, so I didn’t test the remaining 1572 dealers. By doing some basic math we can estimate the final number of affected customers around 6,791,200," Alderson further added.


However, Indane has refused to acknowledge the data leak, while Alderson has snapped back at the gas agency with a meme. UIDAI did not respond to the data leak reports.

Centre to seek counsel on the removal of UID data of children opting-out of Aadhaar



The government has sought legal counsel on the deletion of biometric data of children who decide to withdraw their Aadhaar details on turning 18.

The amendments made to the Aadhaar Act have been approved by the Union Cabinet. They include a provision that grants children the power to opt out of Aadhaar on turning 18 years of age.

This binds the Unique Identification Authority of India to delete all the information, along with the biometrics, of these people from its servers.

UIDAI CEO and Revenue Secretary Ajay Bhushan Pandey said, “A child when he or she turns the age of 18 can exercise an option to opt out, and in that particular case, their Aadhaar number will be canceled.”

“Regarding the biometric data, that is something we will have to take a legal opinion because if you delete the biometric data, then suppose that person comes again and does enrolment, then how will that operate.”

“Maybe that data could be kept somewhere separate, but how that will function, we will have to take legal opinions,” he further added.

The Aadhaar Act will need to be reintroduced in the next session, with a new government at the helm, as it was not passed during the recent Budget session of the Lower House.

However, those who wish to file income tax returns will not derive any benefit from this amendment, which gives children attaining the age of 18 the power to quit Aadhaar, because the court has made it mandatory to have Aadhaar linked with PAN cards while filing taxes.