TRAI chief’s challenge exposes how safe our Aadhaar data really is?here’s all you need to know

by Elton Gomes

In what seems to be a scary reminder of how safe our Aadhaar details are, alleged personal details of TRAI chief R.S. Sharma were exposed after he tweeted his 12-digit Aadhaar number, and challenged anyone to show him a “concrete example” of “any harm.”

In a series of tweets, a user going by the name of Elliot Alderson and claiming to be a “French security researcher,” exposed Sharma’s details such as his ”personal address, DoB, your alternate phone number.” Alderson then explained to Sharma how risky it could be to make Aadhaar data public.

“People managed to get your personal address, DoB and your alternate phone number. I stop here, I hope you will understand why make your Aadhaar number public is not a good idea,” Alderson said in a tweet.

People expose more details of Sharma

After Alderson’s tweets, several users on Twitter had a field day probing deeper into Sharma’s personal details. Some put out tweets claiming that they had Sharma’s permanent account number (PAN) and cellphone number, whereas others warned him about the dangers of throwing such a challenge on a social media platform.

Other users also claimed victory over the alleged leak, but Sharma remained adamant that revealing personal details does not cause any harm.

A Twitter user going by the pseudonym of “Dean of #JioInstitute” claimed to have access to Sharma’s frequent flyer number with Air India.

As per a report in the Times of India, ethical hackers claimed that they had Sharma’s bank account details. Some users even posted screenshots of sending one rupee to Sharma via Aadhaar-enabled payment services like the BHIM app and Paytm. The hackers also claimed that they had access to Sharma’s bank account number and IFSC codes for five other accounts. Additionally, Sharma’s demat account details were posted on Twitter, along with a recent usage of his Aadhaar card.

A report in the Wire mentioned that earlier today, Sharma’s daughter, Kavita Sharma was threatened via mail. The sender warned Kavita that her father’s email accounts were compromised and that his Punjab National Bank account “is under imminent threat of being hacked”.  The email said that Sharma has turned out to be an “embarrassment to the nation and put a bounty on his accounts for hackers.” It then warned Kavita that all “sensitive files would be released if he does not delete his accounts immediately”.

In addition, the email said that if instructions are not complied with, “a remote malware would be installed in his private cellphone and all his communications would be intercepted and archived. His emails would be encrypted and unless a ransom is paid, it would remain out of reach and released to the media”.

Although much of Sharma’s information can be said to be already public, he did no verify whether details pertaining to his PAN were accurate. When news agency PTI contacted him, Sharma refused to comment and said, ”Let the challenge run for some time,” Business Standard reported.

Furthermore, Sharma dismissed most of the information being revealed as ‘public information’ and seemed hell-bent on the surmise that ”Aadhaar compromises the privacy of the person”. The TRAI chief clarified that his challenge was never about phone numbers and personal information, but it was for causing harm by using his Aadhaar number.

“No I did not challenge them for phone number and other info. I challenged them for causing me harm! So far no success. Wish them luck,” Sharma wrote on Twitter, as per the Business Standard report.

What the UIDAI said

The Unique Identification Authority of India (UIDAI) dismissed all claims by users that they had access to Sharma’s details. “Any information published on Twitter about RS Sharma wasn’t fetched from Aadhaar database or UIDAI’s servers,” the UIDAI said, adding, “in fact, this so–called “hacked” information was already available in public domain as he being a public servant for decades and was easily available on Google and other sites,” the Financial Express reported.

The UIDAI reiterated that the Aadhaar system has been safe, and that this was simply an attempt to malign the authority. “This is a motivated attempt to malign UIDAI, whose servers remain secure and reliable. Aadhaar database is totally safe and has proven its security robustness over last eight years,” the UIDAI said, as reported by the Times of India.

The matter once again brings Aadhaar safety to the forefront: How safe is our data in the hands of the government? There have been rumours that Sharma could become the head of India’s Data Protection Authority when such a panel is setup. In case that happens, can Sharma be trusted with data of over a billion people?

Elton Gomes is a staff writer at Qrius