Incident: Data Breach in Aadhaar Biometric System: Personal Details Sold Online

Published Date: 2018-01-04

Postmortem Analysis
Timeline 1. The software failure incident regarding the leak in the Aadhaar database, as reported in Article 67176, happened around January 2018. [67176]
System 1. UIDAI biometric system known as Aadhaar [67176]
Responsible Organization 1. The Unique Identification Authority of India (UIDAI) [67176]
Impacted Organization 1. Citizens in India [67176]
Software Causes 1. Unauthorized access to the UIDAI database through a breach in the grievance redressal scheme, allowing individuals to obtain personal information by entering any Aadhaar number into the UIDAI website [67176]. 2. Misuse of the grievance redressal scheme to access user information such as name, address, photo, phone number, and email address [67176]. 3. Provision of software for a fee that enabled the printing of Aadhaar cards for which the number was known [67176].
Non-software Causes 1. Lack of proper oversight and control over access to the database, leading to unauthorized access and potential misuse of personal data [67176]. 2. Inadequate security measures in place to prevent the sale of citizens' personal details for monetary gain [67176]. 3. Potential loopholes in the grievance redressal scheme that allowed for exploitation by unauthorized agents [67176].
Impacts 1. Personal details of citizens were being sold online for as little as 500 rupees, raising concerns about privacy and security [67176]. 2. The breach allowed unauthorized access to user information including name, address, photo, phone number, and email address [67176]. 3. The incident highlighted the misuse of a grievance redressal scheme that allowed Aadhaar agents to rectify issues but not access biometric details [67176]. 4. The breach led to widespread concerns among Indian citizens about the security of their personal data [67176].
Preventions 1. Implementing stricter access controls and authentication mechanisms to prevent unauthorized access to the database [67176]. 2. Conducting regular security audits and penetration testing to identify and address vulnerabilities in the system [67176]. 3. Ensuring proper training and awareness programs for employees and agents handling sensitive data to prevent misuse [67176]. 4. Enforcing strict penalties and consequences for individuals found guilty of leaking data to deter such actions in the future [67176].
Fixes 1. Implement stricter access controls and authentication mechanisms to prevent unauthorized access to the database [67176]. 2. Conduct a thorough security audit of the entire Aadhaar system to identify and address any vulnerabilities that could lead to data breaches [67176]. 3. Enhance monitoring and logging capabilities to detect any suspicious activities or unauthorized access attempts in real-time [67176]. 4. Improve the grievance redressal scheme to ensure that it does not inadvertently provide access to sensitive user information [67176]. 5. Enhance encryption protocols and data protection measures to safeguard biometric data and personal details stored in the database [67176].
References 1. The Tribune newspaper [67176]

Software Taxonomy of Faults

Category Option Rationale
Recurring one_organization (a) The software failure incident related to the Aadhaar biometric identity scheme has happened again within the same organization, UIDAI. The incident involved unauthorized access to the database, leading to the sale of citizens' personal details online [67176]. (b) The software failure incident related to the Aadhaar biometric identity scheme has also raised concerns about the security of personal data, not just within the organization but also among the general public and critics. Critics have warned about the risks associated with the scheme and the government's efforts to link it to various services [67176].
Phase (Design/Operation) design, operation (a) The software failure incident related to the design phase can be seen in the Aadhaar system breach reported in Article 67176. The breach occurred due to unauthorized access to the UIDAI database, allowing individuals to obtain user information such as name, address, photo, phone number, and email address by exploiting a grievance redressal scheme. This breach highlights a failure in the design of the system's security measures, potentially due to loopholes introduced during system development or updates. (b) The software failure incident related to the operation phase is evident in the misuse of the Aadhaar system by individuals offering services to obtain personal details for a fee. The operation failure occurred when individuals were able to misuse the system by selling user details online and providing unauthorized access to the UIDAI website through the use of a username and password. This misuse of the system points to operational vulnerabilities that were exploited by unauthorized agents during the incident.
Boundary (Internal/External) within_system (a) within_system: The software failure incident reported in the article is primarily within the system. The breach of the Aadhaar biometric system occurred due to unauthorized access to the database, misuse of a grievance redressal scheme, and the ability to obtain user information and print Aadhaar cards using purchased software within the system [67176]. (b) outside_system: There is no explicit mention in the article of the software failure incident being caused by contributing factors originating from outside the system.
Nature (Human/Non-human) non-human_actions, human_actions (a) The software failure incident in this case appears to be related to non-human actions. The breach of the Aadhaar database was facilitated by a misuse of a grievance redressal scheme that allowed Aadhaar agents to rectify issues like a change in address and wrong spelling of a person's name. This misuse granted unauthorized access to user information, including personal details, without direct human involvement in the breach [67176]. (b) The software failure incident can also be attributed to human actions. The report mentioned that an "agent" was advertising services on WhatsApp, selling user details for a price. Additionally, the reporters were able to obtain a username and password, as well as software to print Aadhaar cards, after making payments to the agent. These actions by individuals facilitated the unauthorized access and misuse of the Aadhaar database [67176].
Dimension (Hardware/Software) software (a) The software failure incident in the Aadhaar system reported in Article 67176 was not directly attributed to hardware issues. The incident involved unauthorized access to the UIDAI database and misuse of a grievance redressal scheme, indicating a breach in the software system's security protocols rather than hardware failure. (b) The software failure incident in the Aadhaar system reported in Article 67176 was primarily due to software-related factors. The breach involved unauthorized access to user information, manipulation of the system to print Aadhaar cards, and misuse of a grievance redressal scheme within the software system. This incident highlights vulnerabilities in the software's security measures rather than hardware issues.
Objective (Malicious/Non-malicious) malicious (a) The software failure incident reported in Article 67176 is malicious in nature. The incident involved unauthorized access to the UIDAI database, where citizens' personal details were being sold online for a price. The breach allowed individuals to obtain sensitive user information such as name, address, photo, phone number, and email address by paying a fee to an "agent" who provided access to the UIDAI website. Additionally, the incident involved the sale of software that allowed printing of Aadhaar cards based on the obtained Aadhaar numbers. This unauthorized access and misuse of the grievance redressal scheme highlight malicious intent to exploit the system for personal gain [67176].
Intent (Poor/Accidental Decisions) poor_decisions (a) The software failure incident related to the Aadhaar biometric identity scheme in India can be attributed to poor decisions. The incident involved unauthorized access to the UIDAI database, where personal details of citizens were being sold online. The breach was facilitated by a grievance redressal scheme that allowed Aadhaar agents to rectify issues, but it was misused to access sensitive user information, including biometric data. Critics have raised concerns about the security risks associated with the Aadhaar system, especially as it has been made mandatory for access to welfare schemes despite warnings about the potential vulnerabilities introduced by linking it to bank accounts and mobile phone numbers [67176].
Capability (Incompetence/Accidental) development_incompetence, accidental (a) The software failure incident related to development incompetence is evident in the Aadhaar biometric identity scheme breach reported in Article 67176. The incident involved unauthorized access to the UIDAI database, allowing individuals to obtain personal details by exploiting a grievance redressal scheme meant for legitimate corrections like address changes and name spellings. This misuse highlights a lack of professional competence in designing and implementing secure access controls within the system, leading to a breach of sensitive user information [67176]. (b) The accidental aspect of the software failure incident is also notable in the same context. The breach was not a result of a deliberate attack but rather an accidental exploitation of a system feature meant for a different purpose. The report mentions that the breach seemed to be a misuse of the grievance redressal scheme, indicating that the unauthorized access was unintentional and not part of the scheme's intended functionality [67176].
Duration temporary The software failure incident reported in Article 67176 regarding the Aadhaar database breach can be categorized as a temporary failure. The breach occurred due to unauthorized access to the UIDAI database, allowing individuals to obtain user information and print Aadhaar cards for a fee. This incident was not a permanent failure but rather a temporary breach caused by specific circumstances, such as misuse of a grievance redressal scheme and unauthorized access to the system. The UIDAI clarified that the breach did not grant access to people's biometric details, indicating that the failure was temporary and limited in scope [67176].
Behaviour omission, value, other (a) crash: The software failure incident in the article does not involve a crash where the system loses state and stops performing its intended functions. (b) omission: The incident involves an omission where the system omits to perform its intended functions at instances. The article mentions that the Tribune newspaper was able to buy user details via an "agent" advertising services on WhatsApp. This allowed access to user information including name, address, photo, phone number, and email address, indicating an omission in the system's security measures [67176]. (c) timing: The incident does not involve a timing failure where the system performs its intended functions but too late or too early. (d) value: The software failure incident involves a value failure where the system performs its intended functions incorrectly. The article states that payment of a certain amount provided "software" that allowed the reporters to print out any Aadhaar card for which they had the number, indicating incorrect functioning of the system [67176]. (e) byzantine: The incident does not involve a byzantine failure where the system behaves erroneously with inconsistent responses and interactions. (f) other: The other behavior observed in this software failure incident is the misuse of a grievance redressal scheme that allowed Aadhaar agents to rectify issues like a change in address and wrong spelling of a person's name. This misuse led to unauthorized access to personal data, indicating a failure in the system's access control mechanisms [67176].

IoT System Layer

Layer Option Rationale
Perception None None
Communication None None
Application None None

Other Details

Category Option Rationale
Consequence property, theoretical_consequence (a) unknown (b) unknown (c) unknown (d) People's personal details were being sold online for a small amount of money, impacting their privacy and potentially leading to identity theft or fraud [67176]. (e) unknown (f) unknown (g) The UIDAI stated that biometric data was safe and secure, although there were concerns raised about the security of personal data [67176]. (h) The government has always insisted that the biometric data is "safe and secure in encrypted form," and anybody found guilty of leaking data can be jailed and fined, indicating potential consequences for those responsible for the breach [67176]. (i) The breach of personal data could lead to various consequences such as identity theft, financial loss, or misuse of personal information, which were not explicitly mentioned but are potential outcomes of the software failure incident [67176].
Domain government The software failure incident reported in the article [67176] is related to the government industry. The failed system in question is the Aadhaar biometric identity scheme, which is a government initiative aimed at providing a unique identification system for Indian citizens. The incident involved unauthorized access to the Aadhaar database, leading to the potential leakage of personal information of citizens. The Unique Identification Authority of India (UIDAI), the government agency responsible for Aadhaar, filed a police complaint regarding the breach and expressed concerns over the security of personal data [67176]. The Aadhaar system, which was initially voluntary but later made mandatory for access to welfare schemes, has faced criticism and scrutiny regarding data security and privacy issues [67176].

Sources

Back to List