Article Image

IPFS News Link • Hacking, Cyber Security

The World's Largest Biometric Digital ID System, India's Aadhaar, Just Suffered Its...

•, by Nick Corbishley

In one fell swoop, roughly 10% of the global population appears to have had some of their most valuable personal identifiable information (PII) compromised. Yet Aadhaar continues to receive plaudits from Silicon Valley. 

An anonymous hacker claims to have breached the digital ID numbers, as well as other sensitive personal data, of around 815 million Indian citizens.

To put that number in perspective, it is more than 60% of the 1.3 billion Indian people enrolled in the government's Aadhaar biometric digital identity program, and roughly 10% of the entire global population. Thanks to the breach — the largest single one in the country's history, according to the Hindustan Times — the personal data of hundreds of millions of Indians are now up for grabs on the dark web, for as little as $80,000.

To register for an Aadhaar card, Indian residents have to provide basic demographic information, including name, date of birth, age, address and gender, as well as biometric information, including ten fingerprints, two eyeball scans and a facial photograph. Much of that data has apparently been compromised.

Media reports suggest that the source of the leak was the Covid-19 test data of the Indian Council of Medical Research (ICMR), which is linked to each individual's Aadhaar number.

The alarm was first raised by Resecurity, a Los Angeles-based cyber security company, which on Oct 15 included the following in a blogpost on its corporate website:

On October 9th, a threat actor going by the alias 'pwn0001' posted a thread on Breach Forums brokering access to 815 million "Indian Citizen Aadhaar & Passport" records. To put this victim group in perspective, India's entire population is just over 1.486 billion people.