Aadhaar, India’s 12-digit biometric identification number scheme, has been dogged by controversy ever since the government set up the Unique Identification Authority of India to oversee its rollout and implementation in 2009. Activists and politicians have raised concerns about the security and privacy of the Aadhaar process as well as the fact that government agencies are pushing to make the number mandatory for citizens to avail of social welfare benefits and for services such as filing income tax returns.

It also seems that fears of Aadhaar data being stored without adequate security are increasingly coming true. The past two years have seen multiple leaks while reports show that it is also fairly easy to buy Aadhaar data. In fact, just this past week, there were reports of three instances of Aadhaar data being leaked and one admission by the government that it misled the Indian public about linking Aadhaar numbers with mobile phone numbers.

Andhra Pradesh leaks 20 lakh Aadhaar numbers

On April 30, independent researcher Srinivas Kodali reported that the Andhra Pradesh government had published the Aadhaar numbers of 20,71,913 pregnant women and new mothers in the 2015-2018 period.

Andhra Pradesh has been publishing around 20,71,913 #Aadhaar numbers of pregnant women and recent mothers during the period of from 2015-2018. While govt has legitimate interest in collecting this data for helping track mortality rates. The linking with Aadhaar and sharing is bad pic.twitter.com/juNFaLbr1x — Srinivas Kodali | శ్రీనివాస్ కొడాలి (@digitaldutta) April 30, 2018

In response, the Andhra Pradesh government has started an investigation with the Andhra Pradesh Cyber Security Operations Centre auditing and inspecting several government websites.

Provident fund data stolen from Aadhaar seeding portal

On Wednesday, the Business Standard reported that an Aadhaar-seeding portal of the Employees Provident Fund Organisation had been hacked into and confidential data stolen. The portal – which helped subscribers link their provident fund accounts with their Aadhaar numbers – had consequently been shut down over a month and a half ago.

Telangana pensioners’ data leaked

Then on Thursday, The New Indian Express reported that the personal data of over 2.5 lakh pensioners in Telangana, including their bank account and Aadhaar numbers, had been put up on the state treasuries department website, completely accessible to the public. This data was taken down only on Tuesday.

The theft of Aadhaar numbers of elderly pensioners has had grave consequences in the past. In October, the Aadhaar details of around 300 Hyderabadis were stolen along with Rs 40 lakh of their pensions.

No SIM-Aadhaar linking required after all

Also on Wednesday, the government clarified in the Times of India that there was, in fact, no need to link mobile phone SIMs with Aadhaar and that new SIMs could be issued to even those people who did not have an Aadhaar number. It said driving licences, passports and voter identity cards were sufficient to establish proof of identity.

On April 25, the Supreme Court had criticised the government for making SIM-Aadhaar linking mandatory by falsely arguing that the apex court had directed it. “In fact there was no such direction from the Supreme Court, but you took it and used it as tool to make Aadhaar mandatory for mobile users,” said Justice DY Chandrachud, one of the judges on the bench hearing the case of the constitutionality of Aadhaar.