Andhra Pradesh: Details of 89L MNREGA-beneficiaries compromised in Aadhaar Leak

By Shalini Ojha

Apr 28, 2018

01:38 pm

What's the story

In a major embarrassment to the state government, the Andhra Pradesh Benefit Disbursement Portal made details of 89,38,138 MNREGA beneficiaries public. The leak was brought to light by a Hyderabad-based Internet security researcher Kodali Srinivas. He called it a serious violation of privacy. This incident came a day after the state government compromised details of 1.34 lakh citizens on another of its website.

Twitter Post

Where is the UIDAI's bug reporting mechanism, asks whistle-blower

Another day, yet another #Aadhaar data leak of 89,38,138 MNREGA workers. Website maintained by $100 billion company TCS along with another government department. Reported to security agencies. Question: where is the UIDAI bug reporting mechanism? pic.twitter.com/0L4K2YUyl1

— Srinivas Kodali | శ్రీనివాస్ కొడాలి (@digitaldutta) April 26, 2018

Details

"They hired engineers from private company still no use"

Speaking of the leak with TheNewsminute.com, Srinivas Kodali said, "The portal was being managed by APOnline, which is a joint venture between the state government and Tata Consultancy Services (TCS). It is not like they didn't have the capacity, as they hired engineers from a private company." He added till a mechanism was implemented to acknowledge the leaks, these will happen continuously.

What happened next

After whistle blower's tweet, website begins masking details

After Kodali flagged the issue, the website began masking the numbers. Earlier when details of 1.34 lakh citizens were compromised, their religion, caste and bank details (branch and IFSC code) were accessible. The information was available on Andhra Pradesh State Housing Corporation's website. This was in stark contrast to UIDAI's claim that it didn't link these details with Aadhaar numbers.