Unique Identification Authority of India (UIDAI) has issued a press statement thrashing false reports that maligned Aadhaar, which is touted as the world's largest unique identity project.
Last week, Telecom Regulatory Authority of India (TRAI) chairman Ram Sewak Sharma threw an open challenge to Aadhaar detractors to prove that personal details on the platform are safe. He posted his 12-digit UIDAI's unique identification number on Twitter. Several self-proclaimed ethical hackers then bombarded his social media account with Permanent Account Number (PAN) card numbers, phone number details, house address, personal Gmail ID, secondary Yahoo email ID, Date of Birth (DoB), and even photo of him with a lady (understood to be one his relatives)
One hacker even managed to send Rs 1 to his bank account to prove that Aadhaar number leak can even be used to breach bank accounts.
UIDAI has now debunked the claims. It said that RS Sharma is a government employee and all the aforementioned details are in the public domain and can be retrieved by a simple Google search. Although it takes a good hacker to get bank account number, PAN card details and Google Gmail security check question—"My (RS Sharma's) frequent flyers number of Air India", they cannot be retrieved using an Aadhaar number. Anyone can find RS Sharma's image online via Facebook, provided it has been marked public.
Also, some people have cautioned that Rs 1 that was transferred to RS Sharma might one day haunt him if an anonymous person succeeds to put more money into his account without his consent. The account might attract tax officials and he might get falsely implicated for money laundering and corruption.
My Aadhaar number is 7621 7768 2740
— RS Sharma (@rssharma3) July 28, 2018
Now I give this challenge to you: Show me one concrete example where you can do any harm to me!
"Certain so-called hackers while responding to a challenge thrown by Shri Sharma to attempt to really 'harm him by using his Aadhaar', have claimed to have found his mob no., PAN & other details such as alt. mob no., DoB, email, photo, frequent flight details, etc, through Aadhaar. They boasted that they had got Shri Sharma's aforesaid personal details by hacking the Aadhaar database. This so-called claim, UIDAI said, is a farce and people should not believe such fraudulent elements active on social and other media," UIDAI.
And, as far as bank account details are concerned, the hacker sent money to RS Sharma's account, but it would have been a bigger deal if the person had syphoned off the money.
The ultimate challenge will be to retrieve the fingerprint and other biometric details from the Aadhaar database server.
Here's official UIDAI press statement on false reports of Aadhaar number compromising personal details of RS Sharma:
"UIDAI strongly dismissed the claims made by certain elements on Twitter and a section of Media that they have fetched personal details of Shri Ram Sewak Sharma who is a public servant using his Aadhaar number.
UIDAI condemns such malicious attempts by few individuals to malign the world's largest unique identity project - Aadhaar. UIDAI said that Aadhaar has built the digital trust among people at large and these devious elements are trying to spread misinformation.
Aadhaar database is totally safe and has proven its security robustness over the last eight years. UIDAI emphatically stated that any information published on Twitter about the said individual Shri RS Sharma was not fetched from Aadhaar database or UIDAI's servers.
In fact, this so-called "hacked" info (about Sh. Sharma's personal details such as his add., dob, photo, mob no., email etc.) was already available in public domain, as he being a public servant for decades and was easily available on Google & various other sites by a simple search without Aadhaar number. Certain so-called hackers while responding to a challenge thrown by Shri Sharma to attempt to really 'harm him by using his Aadhaar', have claimed to have found his mob no., PAN & other details such as alt. mob no., DoB, email, photo, frequent flight details, etc, through Aadhaar.
They boasted that they had got Shri Sharma's aforesaid personal details by hacking the Aadhaar database. This so-called claim, UIDAI said, is a farce and people should not believe such fraudulent elements active on social and other media.
Aadhaar database is fully safe and secure and no such information about Mr Sharma has been fetched from UIDAI's servers or Aadhaar database. This is merely cheap publicity by these unscrupulous elements who try to attract attention by creating such fake news.
Actually, anyone can Google or visit other sources and find out Sh. Sharma's personal details without Aadhaar. For example, Sh. Sharma's mobile number is available on NIC website as he was once Secretary IT, Government of India. His date of birth is available in the Civil List of IAS Officers which is kept in public domain and his address is on TRAI Website because he is TRAI Chairman. Similarly, his email id may be available in the public domain.
They clubbed all these inputs and claimed that they have managed to breach Aadhaar database and got his personal details, which is completely false. People are cautioned not to believe any such fake news about Aadhaar. In today's digital world through various search engines such as Google, personal data can be picked from different sources without Aadhaar and a profile can be made. It is reiterated that in this case of Sh. Sharma, no data has been fetched using his Aadhaar number from UIDAI's servers or Aadhaar database. One could have just Googled his name (without Aadhaar number), visited a few other websites and got most of the details.
It is reiterated that people usually give PAN or mobile number at many places. Someone can pick other personal data from different websites as he gets to know his PAN/mobile number.
Can anyone demand on this basis that PAN number is unsafe and should be abolished? Or, can say that it is the online world and online search which help gather information from different sources and create a profile and therefore, the online search should be prohibited?
Of course, this is not the answer. Therefore, it is strictly not the issue about Aadhaar or PAN or mobile number. It is a challenge of emerging digital world and personal data protection which have been sought to be addressed in the recommendations submitted by the Justice Srikrishna Committee."