Digital identities of over a million citizens have been compromised by a programming error on a website maintained by the Jharkhand Directorate of Social Security.
The glitch has revealed the names, addresses, Aadhaar numbers and bank account details of the beneficiaries of Jharkhand’s old age pension scheme.
Jharkhand has over 1.6 million pensioners, 1.4 million of whom have seeded their bank accounts with their Aadhaar numbers to avail of direct bank transfers for their monthly pensions.
Their personal details are now freely available to anyone who logs onto the website, constituting a massive data breach at a time when the Supreme Court, cyber-security experts and opposition politicians have questioned a government policy to make Aadhaar mandatory to get benefits of a variety of government schemes and services.
When HT reporters logged onto the site, they could drill down to get transaction-level data on pension paid into scores of pension accounts.
The publishing of Aadhaar numbers is in contravention of Section 29 (4) of the Aadhaar Act. Earlier this year, the Unique Identification Authority of India (UIDAI) blacklisted an Aadhaar service provider for 10 years for publishing the Aadhaar number of MS Dhoni, former captain of the Indian cricket team.
The authority has also filed at least eight police complaints in the past month against private parties for “illegally collecting” Aadhaar numbers of citizens – information that the Jharkhand government has now put into the public domain. UIDAI did not respond to queries sent by HT.
At present, the Supreme Court is considering the legality of a government decision to make it mandatory to provide an Aadhaar number when filing income tax returns.
In Jharkhand, officials were surprisingly sanguine about the breach, suggesting that they had been aware of the situation for several days.
“We got to know about it this week itself. Our programmers are working on it, and the matter should be addressed very soon,” said MS Bhatia, secretary of the state’s social welfare department.
Bhatia declined to comment on the legal implications of publishing this information.