(Reuters) — India on Thursday began investigating a report that access to its database of the identity details of more than 1 billion citizens was being sold for just $8 on social media, in what could be one of the giant program’s biggest security breaches.
The Tribune newspaper said it had been able to buy login credentials to the Aadhaar database, allowing it to acquire information such as the names, telephone numbers and home addresses of millions of people.
The paper said it bought access for as little as 500 rupees ($7.89) from someone on a WhatsApp social media group.
The “case appears to be an instance of misuse,” said the Unique Identification Authority of India (UIDAI), which runs the biometric identity card scheme, the world’s largest.
The agency said it had initiated a police complaint against the people responsible for selling the access, but did not identify them.
Crucial data, “including biometric information, is fully safe and secure,” the agency said in a statement. The database incorporates fingerprints and iris scans, besides basic information details.
“Mere display of demographic information can’t be misused without biometrics,” it added, ruling out financial fraud, saying access to bank accounts required further authentication that involved fingerprint and iris scans.
But the breach is the latest in a program facing increasing scrutiny over privacy concerns and is likely to prompt further questions about data safety.
India’s Supreme Court is holding hearings to decide if a drive by the administration of Prime Minister Narendra Modi to link Aadhaar to…