There has been no breach of Aadhaar cardholders’ data from the UIDAI database to date, the government said on Wednesday. A multi-layered security infrastructure and Aadhar’s status as a nationally protected system shield it from threats, minister of state for electronics and information technology Jitin Prasada told Parliament.

Aadhaar is the world’s largest biometric identity system with approximately 134 crore live Aadhaar holders. It has completed more than 16,000 crore authentications, Prasada said.

The minister said UIDAI has implemented a multi-layered security infrastructure with a defence-in-depth concept to protect its database and continuously reviews and audits the same to protect its systems. It also uses advanced encryption technologies for protecting data during transmission and storage.

“UIDAI’s information security management system is ISO 27001:2022-certified by the Standardisation Testing and Quality Certification Directorate. UIDAI is also certified ISO/IEC 27701:2019 (Privacy Information Management System),” he said.

UIDAI is declared as a protected system, and hence the National Critical Information Infrastructure Protection Centre (NCIIPC) continuously provide security advice to maintain its cybersecurity posture.

“An independent audit agency is engaged for the creation of the governance, risk, and compliance and performance framework for the Aadhaar ecosystem and oversight for adherence to the same. It continuously conducts a cybersecurity audit of the UIDAI application, including static application security testing and dynamic application security testing,” he said.

During the last session, Parliament’s Public Accounts Committee (PAC) had asked UIDAI to conduct a scientific scrutiny. A multi-party panel had questioned the ministry of electronics and information technology (Meity) officials over reports of regular data breaches. It had also raised concerns over biometric discrepancies leading to beneficiaries being denied benefits and a delay in deactivating Aadhaar numbers of people who have passed away.

While the Centre has always stressed that Aadhar data remains secure, there have been multiple reported instances of breaches in Aadhar’s databases earlier.

In 2018, hackers had advertised access to the database at Rs 500 for 10 minutes. The World Economic Forum’s Global Risks Report 2019 had called it the largest data breach globally.

In 2023, hackers had reportedly stolen COVID-19 test results and associated Aadhaar details of 81.5 crore Indians.

Last year, the MeitY had admitted to blocking some websites which were exposing the Aadhar and PAN data of Indian citizens.

Join the community of 2M+ industry professionals.

Subscribe to Newsletter to get latest insights & analysis in your inbox.

All about ETCISO industry right on your smartphone!