In a total shocker, we’ve just learned that one man compromised India’s biometric database. But by compromised, we mean totally compromised. Well, almost totally. But it’s the kind of dangerous embarrassment that almost makes the United States look good. Well, maybe not. But the database, called Aadhaar, manages 1.2 billion people’s official accounts in India. People in India access their tax, healthcare and government services using the ID number assigned with their biometric account. But people have been able to access the entire database for a bribe of…. $8. So India suffers yet another major scandal. It could be the largest breach, ever.
BIOMETRIC DATA OF ALL INDIAN CITIZENS ON SALE
The ID number is called the Unique Identification Authority (or UIDAI). Every UIDAI is associated with a ton of personal information for each person. This includes their fingerprints and iris scans. It is the largest such database of its kind in the world. Its use was greatly expanded after the Indian National Congress got gobsmacked in elections in 2014. Officials then more broadly used UIDAIs with more services and databases. So, major companies like Amazon and Uber have tried to get access to UIDAIs for local account management. Too bad for Amazon and Uber, as all they had to do was bribe someone $8 for full Aadhaar access.
Of course, Aadhaar had security breaches before. Last year Aadhaar leaked roughly 130 million residents accounts in the spring. But those were leaks. Rs 500, or $8 in the US, was all that was needed to buy access to the system from someone on WhatsApp. But even worse, a single account access of this type allows the intruder to then give anyone else full access as well. What could go wrong with that type of security? Indian authorities understandably called this a “major national security breach.” That’s because it was. Actually, it couldn’t have been more major.
INDIA SUFFERS SYSTEM AS BAD AS SOCIAL SECURITY?
We covered a related story about a woman who couldn’t access her UIDAI account because she had no fingers from leprosy. The government response to help her was not to help her. Then the media got the story and that changed. So there is a real problem with management and organization. But now the UIDAI system also seems very similar to the Social Security numbers in the US. That’s not good for privacy. But the scale of India’s population has made it a challenge to confirm biometric data for all those 1.2 billion people. So next we just might be writing a story about the largest scale identity theft ever imagined.
INDIA’S FUTURE UP FOR GRABS WITH NO SECURITY
But hopefully India will get it’s act together soon about security. It has the largest database of its kind. So the potentials for great, modern management are huge. But the potentials for criminal activity are also very real. Have criminals already taken advantage? We don’t know yet. Privacy concerns in the modern world are going to grow. And identity theft isn’t going away. Let’s hope India doesn’t end up being a cash cow for criminals.
So keep your eyes peeled, and we don’t mean shaved. This is a major story that will affect us all. It just might take a little time. For now, India suffers this alone. But modern problems tend to travel.