 "Aadhaar data on sale: A step-by-step guide to locking your biometric data")
In a serious data breach, personally identifiable information of 815 million Indians has recently been up on the dark web for sale, according to a report by US-based cybersecurity firm Resecurity. Details such as Aadhaar and passport information along with names, phone numbers and addresses are available for sale online, it has said.
Media reports suggested that the Indian Council of Medical Research (ICMR) database might have been compromised, given the extensive scope and sensitive nature of the information.
According to the Resecurity website, on October 9, an individual using the alias "pwn0001" shared a post on BreachForums (a darknet crime forum) offering access to 815 million records containing information on "Indian Citizen Aadhaar and Passport".
In August this year, another threat actor known as "Lucius" posted a thread on BreachForums offering to sell a 1.8 terabyte data leak related to an unnamed "Indian internal law enforcement organisation".
Since its inception in 2009, UIDAI has issued approximately 1.4 billion Aadhaar cards. A report from the Brookings Institution in 2022 highlighted that the ID system ranked among the world's largest biometric identification initiatives.
"Adopting measures like encryption, multifactor authentication and access controls are vital to protect data. Regular security audits and updates are also components of a cybersecurity strategy that can adapt to emerging threats effectively," Sanjay Kaushik, managing director of Netrika Consulting, told Business Standard last week.
However, users can lock their biometric details to protect their data and prevent data breaches.
More From This Section
What is biometric locking?
According to the official website of the Unique Identification Authority of India (UIDAI), biometric locking/unlocking is a service that allows an Aadhaar holder to lock and temporarily unlock their biometrics. "This facility aims to strengthen privacy and confidentiality of resident's biometrics data," the website said.
Which biometric data can be locked?
Fingerprint, iris and face as a biometric modality will be locked, and after biometric locking, the Aadhaar holder will not be able to perform the Aadhaar authentication using the above-mentioned biometric modalities.
What happens when the Aadhaar biometric data is locked?
Locked biometrics confirm that Aadhaar holders cannot use biometrics (fingerprints/iris/face) for authentication. It is a safety feature to stop any biometric authentication.
It also ensures that any entity by any means cannot perform biometric-based Aadhaar authentication for that Aadhaar holder.
Who can and when to lock biometrics?
Aadhaar number holders who have registered mobile numbers may lock their biometrics. This facility aims to strengthen the privacy and confidentiality of resident's biometrics data.
After locking biometrics, if a UID is used for invoking any of the Authentication services using a biometric modality(Fingerprint/Iris/Face), a specific error code "330" indicating biometrics are locked will be displayed, and the entity will not be able to perform the biometric authentication.
How to lock biometric Aadhaar data?
- Go to the UIDAI site and log into your profile
- Click on the "menu" button
- Click on "Biometrics settings"
- Tick the "Enable Biometric Lock" option
- Tap on "OK"
- You will get an OTP on the registered mobile number
- Enter the OTP, and the biometric details will be locked
How to unlock biometric Aadhaar data?
The biometric unlock can be done by the resident either by visiting the UIDAI website, enrolment centre, Aadhaar Seva Kendra (ASK), or through m-Aadhaar.
A registered mobile number is essential to avail of this service. In case your mobile number is not registered with Aadhaar, visit the nearest enrolment centre/mobile update endpoint.