UIDAI issued clarification: No breach in data of Aadhaar card holders, extensive measures taken for security

New Delhi, 17 December. Aadhaar is the world’s largest biometric identification system, with around 134 crore active Aadhaar holders. More than 16,000 crore authentication transactions have been completed on it. In such a situation, many times questions have been raised regarding the security of personal data related to Aadhaar. But the Unique Identification Authority of India (UIDAI), the body authorized to issue Aadhaar, has clarified that comprehensive measures have been taken to protect the personal data of Aadhaar number holders.

• UIDAI has implemented a multi-layered security system with deep security to protect its databases and it also conducts continuous reviews/audits to ensure the security of its systems.
• It uses advanced encryption technologies to protect data during transmission and storage.
• The Information Security Management System of UIDAI has been certified ISO 27001:2022 by STQC. UIDAI is also certified to ISO/IEC 27701:2019 (Privacy Information Management System).
• Furthermore, UIDAI has also been declared a protected system and hence the National Critical Information Infrastructure Protection Center (NCIIPC) provides continuous security advisories to maintain its cyber security posture.

An independent audit agency has also been appointed to design the Governance, Risk, Compliance and Performance (GRCP) framework for the Aadhaar system and monitor its compliance. The agency conducts frequent cyber security audits of UIDAI applications, including Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST).

At present, there has been no breach in the data of Aadhaar card holders from the UIDAI database. This information was given by Union Minister of State for Electronics and Information Technology Jitin Prasad.