Till date, no breach of Aadhaar card holders’ data has occurred from the Unique Identification Authority of India (UIDAI) database, the government claimed in Parliament on Wednesday.
In a written reply in the Lok Sabha, Minister of State for Electronics and Information Technology Jitin Prasada said Aadhaar is the world’s largest biometric identity system with approximately 134 crores live Aadhaar holders. It has completed more than 16,000 crore authentication transactions.
The UIDAI, he said, has comprehensive measures in place to protect the personal data of Aadhaar number holders. It has implemented a multi-layered security infrastructure with a defence-in-depth concept to protect its database and continuously reviews/audits the same to protect its systems. It uses advanced encryption technologies for protecting data during transmission and storage. The UIDAI’s Information Security Management System is ISO 27001:2022-certified by STQC. UIDAI is also certified ISO/IEC 27701:2019 (Privacy Information Management System). Further, the UIDAI is declared as a protected system, and hence the National Critical Information Infrastructure Protection Centre (NCIIPC) continuously provides security advice to maintain its cybersecurity posture.
Prasada said an independent audit agency is engaged for the creation of the Governance, Risk, and Compliance and Performance (GRCP) framework for the Aadhaar ecosystem and oversight for adherence to the same.
It continuously conducts cybersecurity audits of UIDAI applications, including Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST).