The Unique Identification Authority of India (UIDAI) has pulled up three organisations in what appears to be a data breach of the Aadhaar system. The breach that is currently under investigation has caused privacy concerns, and it all comes at a time when the government is pushing for digital payments.

The breach also raises plenty of questions over the security features the UIDAI’s Aadhaar system offers.

According to a report by Livemint, the UIDAI had filed a police complaint on 15 February against Axis Bank Ltd, business correspondent Suvidhaa Inforserve and e-sign provider eMudhra, stating that they had allegedly attempted unauthorized authentication and impersonation by means by illegally storing Aadhaar biometrics.

According to the same report, all three had been given time till 27 February to explain why they did the same.

UIDAI detected the problem when it found multiple transactions done using the same fingerprint. The official who spoke on conditions of anonymity to Livemint, said that this would not have been possible without storing biometric data.

An Axis Bank spokesperson told Livemint that it was a developer from Suvidhaa that carried out the live Aadhaar-based authentications, which is technically where the blame games begin.

Indeed this goes against the government’s claims that Aadhaar is impenetrable and invulnerable.

The UIDAI indeed seems to be on spring cleaning drive. It recently shut down a 12 fraudulent websites and even took down some mobile apps for fleecing unsuspecting customers and even for unauthorized sharing of data. UIDAI has directed the closure of 26 more illegal and unauthorised websites and applications.

http://tech.firstpost.com/news-analysis/aadhaar-data-breach-uidai-finds-multiple-transactions-done-with-the-same-fingerprint-364155.html