Bengaluru-based Ola-subsidiary firm booked for Aadhaar data theft
A Bengaluru-based company has been booked for stealing Aadhaar details. While the Ola subsidiary has been accused of data theft, the incident also exposes the security flaws in the UIDAI system.
Deputy Director of Unique Identification Authority of India system, Ashok Lenin, registered a complaint against Qarth Technologies Pvt Ltd, a subsidiary firm of Ola. The firm has been accused of leaking data that was accessed illegally from Aadhaar websites.
"The accused had developed an Android app to provide e-KYC documents or customers. The app was available on Google Play Store. The documents were allegedly provided by accessing the Aadhaar database from Aadhaar website. This has happened without any permission from the UIDAI or other authorities concerned," said the complaint by Lenin.
How the firm accessed Aadhar data
While UIDAI is unclear of the modus operandi they suspect that the data was accessed in 'collusion with others with malintent.' The firm is suspected to have sought the help of others to gain access to the secure database. The data was then leaked to Qarth Technologies. System experts have time and again pointed at security flaws in the UIDAI system that makes data theft easy. This incident once again exposes how easy it is for someone with technical knowledge to breach Aadhaar security and access details, violating privacy.
Following a complaint, the High grounds police in Bengaluru booked the company and its promoters for accessing secure Aadhaar database and leaking information under sections 37, 38, 29(2) of Aadhaar (Targeted Delivery of Financial and other Subsidies, Benefits and Services) Act 2016, sections 65 and 66 of the IT Act.