Why The Aadhar Data Breach Is A Very Big Deal
A sting operation by the newspaper The Tribune has reported that with a very nominal payment of 500 rupees, their team was able to get access to an Aadhar portal that was intended for use only by authorised officials responsible for helping citizens retrieve lost or forgotten data. Aadhar is a relatively new unique identifier for all residents of India When the news broke, the organisation in charge of India's unique ID database, the Unique Identification Authority of India (UIDAI), played down suggestions that a data breach had taken place. Their main contention was that the biometric data (fingerprints and iris scans) of residents was stored in a secure and encrypted manner, and that it was not exposed through the mechanism used by the Tribune. Let us analyse what happened, and why it is in fact a big deal. There are four primary security threats that organisations have to guard against: Disclosure (unauthorised persons gaining access to sensitive information) Deception (the sy