Ludhiana’s urban development website publishes list of those who applied for low-cost houses, displaying their names, their father’s name and their Aadhaar numbers. Links were removed later but PDF files remained online on Tuesday, a day after being pointed out.

Harshraj Singh
Hindustan Times, Ludhiana
A screenshot of the Greater Ludhiana Area Development Authority website, where the Aadhaar numbers were published. The Aadhaar act makes it illegal for the 12-digit numbers of the biometric details to be published publicly.
A screenshot of the Greater Ludhiana Area Development Authority website, where the Aadhaar numbers were published. The Aadhaar act makes it illegal for the 12-digit numbers of the biometric details to be published publicly.

A Punjab government website exposed the Aadhaar numbers of more than 20,000 people who applied for low-cost housing in Ludhiana and Jagraon, the latest in a string of blunders by administrative officials that jeopardise citizen privacy.

Aadhaar, a 12-digit identity number, is linked to a person’s biometric details and has become increasingly mandatory for government services. Experts and activists have raised concerns over the risks to privacy it poses, and believe the country’s lackadaisical cyber security standards can put confidential information at risk of crimes such as identity theft.

India’s Supreme Court is currently in the process of determining whether the Aadhaar programme violates rights to privacy.

Around 20,100 Aadhaar numbers, the names of the people it belonged to and their father’s name were published on Greater Ludhiana Area Development Authority (GLADA) website. The details were published as lists of applicants for EWS houses (homes for people from economically weaker sections) under the Pradhan Mantri Awas Yojana (PMAY) programme, and of those who won the draw.

It was unclear how long the lists were up, but officials removed links leading to them on Monday when Hindustan Times brought it to their attention. The lists, while removed from the homepage, stayed online on the GLADA server and could be accessed by anyone who had the direct link.

According to Section 29 (4) of the Aadhaar Act, no Aadhaar number or core biometric information can be published, displayed or posted publicly, except for specified purposes.

District officials said the leak posed a threat to privacy. “If any government department has published a list of applicants with their Aadhaar numbers, their information can get leaked. It is a grave threat to the privacy of residents as Aadhaar information can be misused,” said Satish Thaman, member, Ludhiana district (west sub-division) grievances redressal committee.

Earlier, GLADA officials were unaware of how the Aadhaar numbers ended up online. “I will look into the matter,” additional chief administrator (ACA) Neeru Katyal Gupta said.

GLADA chief administrator Parminder Singh Gill said, “I have spoken to the official concerned who informed me that no Aadhaar card number was uploaded on the website. The GLADA’s website is being operated at the PUDA (Punjab Urban Development Authority) headquarters in Mohali. We are trying to contact the headquarters in this regard.”

Shortly afterwards, GLADA removed the links to both lists.

In April, more than a million Aadhaar numbers were leaked by a Jharkhand government website. Officials involved were similarly unaware of how the data made its way onto the public domain, prompting experts to point to a systemic flaw in India’s e-governance model.

http://www.hindustantimes.com/punjab/20k-aadhaar-numbers-leaked-on-govt-website-in-ludhiana/story-SUNfHvrLvwLR2IqOmtzwPP.html