The UIDAI in a response to RTI revealed the fact. The Aadhaar-issuing authority did not specify the period or when the breach occurred.
The authority added that taking note of the breach they got the data removed from those websites. The UIDAI also mentioned in the RTI response that Aadhaar details were never made public from its end.
The authority said, “Around 210 websites of the Central government and State government departments including educational institutes had displayed the list of beneficiaries along with their name, address and other details.”
The RTI reply also said, “UIDAI has a well designed, multi-layer approach robust security system in place and the same is being constantly upgraded to maintain highest level of data security and integrity.”
It further said that the architecture of the Aadhaar ecosystem has been designed to ensure data security and privacy which is an integral part of the system from the initial design to final stage.
The Aadhaar-issuing body further added, “Specific policies and procedures have been defined. It is regularly reviewed and updated continually thereby appropriately controlling and monitoring any movement of people, material and data in and out of UIDAI premises, particularly the data centres.”
The authority also added that security audits are conducted on regular basis to further strengthen security and privacy of the data.