Unique Identification Authority of India ( UIDAI) has clarified that there has been no security breach of its database or Central Identities Data Repository (CIDR). The clarification came amid media reports of alleged compromise leading to a data breach that could have “potentially affected” over 6000 Indian organizations including UIDAI, Reserve Bank of India, Bombay Stock Exchange among others.
UIDAI said that the alleged data compromise by the hacker that has been displayed as an advertisement on the Darknet included the names, email addresses, Public IP addresses and organization details that were merely the basic profile information of the contact persons of some of the affiliates of Internet Names and Numbers (IRINN) which is a division functioning under National Internet Exchange of India (NIXI) and provides allocation and registration services of Internet Protocol addresses (IPv4 & IPv6) and Autonomous System numbers (ASN) to its affiliates which includes private and government organizations.
In a statement, UIDAI said, “The supposed incident related to the claimed breach of information from IRINN does not contain any confidential data of UIDAI and has not affected any services provided by the Authority.”
“As such these details are already present in the public domain and the information available on the Darknet doesn’t provide any sensitive or confidential information and has no “potential effect” as such vis-a-vis the UIDAI.” The Aadhaar authority reiterated that its existing security controls and protocols are robust and capable of countering any such attempts or malicious designs of data breach or hacking. Security of Aadhaar is of critical importance to the government and UIDAI has given it paramount significance.