Cybersecurity giant Gemalto has issued an apology to UIDAI, the authoritative body for India’s Aadhar identity database. Gemalto’s apology comes after it published its 2018 breach level index report wherein the company had claimed that of the 4.5 billion records globally that were compromised in the first half of 2018, over 1 billion were due to a massive ‘data breach’ in Aadhar database.
The original Breach level index report was published on October 15. It had also highlighted the claim that compromised data records of only 1 out of 12 records were protected by encryption. The original report had put Aadhar in the category of Facebook, Equifax and Reliance Jio in terms of information breach score.
It had created a huge uproar in India where many Aadhar opponents and critics had cited this report to criticize the central government and UIDAI.
However, after a strong backlash by UIDAI over the misrepresented facts, Gemalto had on October 18, updated its 2018 Breach level index report and mentioned that data breach comprises only 3.3 billion records, without any mention of Aadhar in the report.
Gemalto’s apology, has been published today in print in many leading newspapers in India has been released on behalf of its CEO Philippe Vallee and states that “Gemalto profusely regrets on its Breach Level Index Report 2018 and the subsequent press release issued in India on 15th October where it has by mistake taken into account an unverified news article about alleged Aadhaar data breach.”
The original report published on October 15 had claimed that the 1 billion records compromised in the Aadhar breach incident had names, addresses and other personally identifiable information of Indians.
The original report claimed that a total of 945 incidents of data breach has compromised 4.5 billion records out of which 1 billion were from India. the updated report, however, retracted the previous claim and stated that in 944 incidents of data breach, 3.2 billion data records have been compromised worldwide.
In its apology statement, the company has also mentioned that their report was based on an unverified news report and in their subsequent efforts, their company has not been able to identify any verified or substantiated breach on Aadhar data. It has also stated that by publishing unverified information, the company has caused prejudice and they deeply regret it.
There have been numerous claims over possible data breach in UIDAI. Early in 2018, the newspaper Tribune India had claimed that Aadhar data of individuals are being sold for as little as Rs 500. UIDAI had denied the claim and had filed FIRs against the newspaper publication house under relevant sections of IPC on cheating and forgery.
In September this year too, there were reports published in newspapers that the software UIDAI uses has been hacked and millions of records have been compromised. The government of India and UIDAI have, time and again, asserted that there is no breach and the Aadhar data of individuals are completely secure.
Last month, the Supreme Court of India, in its verdict, has reaffirmed the constitutional validity and importance of Aadhar. UIDAI chairman J Satyanarayana had stated recently that Aadhar based direct benefit transfer has saved Rs 90,000 crores of exchequers’ money in India.