Lawmakers flag biometric failures and potential data leaks; UIDAI claims central repository is secure
The Public Accounts Committee (PAC) of the Indian Parliament has urged the Unique Identification Authority of India (UIDAI) to conduct a scientific review of its central biometric database, amid growing concerns about the safety of Aadhaar data, Deccan Herald has reported.
The recommendation came as the multi-party panel, chaired by Congress MP KC Venugopal, reviewed the functioning of UIDAI in light of findings from a 2021 audit report by the Comptroller and Auditor General (CAG) of India. UIDAI, a statutory body established under the Aadhaar Act, 2016, is responsible for issuing unique 12-digit identification numbers to Indian residents.
MPs on the committee raised serious questions about the high rate of biometric authentication failures under the Aadhaar system, which they said had led to the exclusion of eligible beneficiaries from government welfare schemes. The panel also cited growing concerns about potential data breaches involving Aadhaar information.
Responding to the panel’s concerns, UIDAI officials, quoted anonymously by The Hindu, maintained that the Central Identities Data Repository (CIDR)—which houses all Aadhaar-related biometric and demographic data—remains secure. The body claimed that reported breaches have originated from third-party enrolment centres, not from the central repository itself. It further stated that monitoring mechanisms at these centres have been strengthened in response.
Earlier this year, digital threat intelligence firm CloudSek reported that personal data, including Aadhaar numbers and mobile details of around 750 million Indians, had allegedly been offered for sale online—raising alarms about the system’s vulnerability to cyber threats.
In December, Union Minister of State for Electronics and IT, Rajeev Chandrasekhar, informed Parliament that India had experienced 165 data breaches between January 2018 and October 2023. He reiterated that the Aadhaar system’s central database had not been compromised. However, a Tribune investigation in 2018 had claimed to have gained “unrestricted access” to Aadhaar holder information via anonymous sellers on WhatsApp—an incident that continues to cast a shadow over official assurances of security.
The PAC’s call for a scientific audit of UIDAI’s data practices reflects growing pressure on the government to ensure robust safeguards for one of the world’s largest biometric ID systems.