No breach in Aadhaar data vault till now, must be cautious: Centre in Rajya Sabha
Union minister of electronics and information technology Ashwini Vaishnaw said that Aadhaar holders must be cautious while sharing their details
There has been no breach of Unique Identification Authority of India’s (UIDAI) Aadhaar data vault, Union minister of electronics and information technology Ashwini Vaishnaw said in Rajya Sabha on Monday. The minister also said that Aadhaar holders must be cautious while sharing their details.
“Aadhaar has a 256-key encryption followed and there has not been a data breach recorded yet. This is contrary to concerns raised by several security experts in the past,” he said.
The Union minister was responding to questions raised by Communist Party of India (CPI) MP Binoy Viswam on whether the Centre has considered the recent report by the Comptroller and Auditor General (CAG) that questioned the encryption method and procedure of Aadhaar data vault.
Referring to the CAG recommendations, the ministry said the Information Security (IS) Audit of Authentication User Agencies (AUA) for 2020-21 has not been completed by independent auditors. “For the year 2020-21, IS Audit (including ADV) of 156 out of 164 AUAs has been done. Further, for the year 2021-22, so far UIDAI has received IS audit reports of 133 out of 169 AUAs,” it said.
The ministry further said that Aadhaar number holders can use partially-masked Aadhaar as a precautionary measure. “UIDAI also provides the facility of Aadhaar locking and biometric locking to residents which ensure greater security and privacy of Aadhaar number,” it added.
The recent CAG report titled ‘Functioning of Unique Identification Authority of India’ has found that the bodies involved in the Aadhaar authentication system failed to conduct annual audits of their operations either by UIDAI or certified Information System Auditors.
“UIDAI was neither able to derive required assurance that the entities involved in the authentication ecosystem had maintained their information systems which were compliant with the prescribed standards nor did it ensure compliance of Information Systems Audit by the appointed entities,” the report said.
A total of 1,22,454 duplicate Aadhaars have been cancelled since 2019 and Andhra Pradesh tops the list with 20,696 cancellations, followed by Madhya Pradesh with 13,083 and Karnataka with 12,552 cancellations.
The CAG report said that over 4.75 lakh Aadhaar with similar biometric data were issued by UIDAI since 2019.