- Veröffentlicht: 11. August 2017
The Qarth-Aadhaar data theft case was the result of fraud at the level of KYC User Agencies (KUAs) and not any breach in the data base of Unique Identification Authority of India (UIDAI), officials with the authority said on Thursday.
The data was accessed by the accused from e-hospital, hosted by National Informatics Centre(NIC), described as the Government of India's "prime builder" of e-Government / e-Governance applications, police sources confirmed.
According to the sources, the fraud came to the notice of UIDAI headquarters during a random check by their social media monitoring team. The team found the e-KYC app hosted by the accused, associated with the Qarth Technologies Pvt Limited, and alerted its Bengaluru team to file a police complaint.
"The KUA is likely to be arraigned as the accused no 2," a source said. Abhinav Srivastav, founder of Qarth Technologies start-up, is the accused no 1.
UIDAI chief AB Pandey said, "The UIDAI would like to inform and reassure the public that there is no breach of any Aadhaar data and compromise of individuals' privacy and security in this case."
He said that the App was trying to provide Aadhaar verification to the residents based upon their own consent.
Pandey said that after an inquiry, it was found that the residents were using this App to download their own demographic data after giving their consent through OTP received on their own Aadhaar-linked mobiles.
"In other words, residents were downloading their own demographic data such as name, address, gender through this App. Hence, alleged privacy violations reported in some section of media is not true as no one could not get data of any other person through this App," he said.
While demographic data pertains to address, sex, age, gender and mobile phone number and such details, biometric data pertains to finger prints and iris.
The UIDAI chief said even though residents were downloading their own demographic data, legal actions were initiated against the owner of the App since it was not authorised to provide such services to the people and such acts are criminal offence punishable under Aadhaar Act, 2016.
"It is further reiterated that data of not even a single non-consenting resident has been given by UIDAI through this App. Therefore, any media report suggesting breach of UIDAI's Aadhaar database or CIDR is completely incorrect. Aadhaar data remains fully safe and secure," he added.
KYC User Agencies are franchises contracted with authenticating Aadhaar-enabled services to Aadhaar number holders with the consent of the latter. According to sources in the know, there are, as on date, at least 254 KUAs engaged by the UIDAI, including government and non-government ones.
Assuming a citizen goes to a mobile phone service provider and gives his or her Aadhaar number as identity proof, the service provider would be the KUA who will be authenticating the KYC (Know Your Customer) details.
Once the citizen gives his biometric (thumb print) or authenticates himself through an OTP that comes to his mobile, the e-KYC or the demographic data from UIDAI is passed on to the KUA, which will authenticate whether the citizen's Aadhaar credentials are valid or not.
Autor(en)/Author(s): Rohith B R
Quelle/Source: The Times of India, 04.08.2017