Aadhaar data breach exposed again: Anyone can access your bank name using 12-digit number

A new case of what appears to be an Aadhaar-related breach of privacy has come to the fore, in which anyone in possession of an Aadhaar number can know the last bank the number was linked to by simply dialing a number given out by the UIDAI itself.

On dialing the USSD code *99*99*1# on a mobile phone, anyone can verify which was the bank account linked to the particular Aadhaar number.

Although the feature doesn’t reveal the account number except for the bank’s name, privacy experts raise question over sharing private details with others.

The issue was brought to the notice yesterday by a Twitter account which highlighted the privacy concerns.

Do you guys know by dialing *99*99*1# from your mobile & entering any Aadhaar number, you can know that that Aadhaar is linked to which bank?!
Yes! enter any Aadhaar no.that you know of from any mobile by dialing the above given no.& you’ll know the bank attached. @Stupidosaur

— N (@_morphiine_) January 8, 2018

Last month, Economic Times reported the various methods to find out the ways to check whether your Aadhaar has been linked to your bank account.

The story explained one can visit the 'Aadhaar website' and check the 'Bank Account Linking Status'.

Besides, the story mentioned, there is an alternate way to check -- through below processes:

1. Dial *99*99*1#
2. Enter your 12 digit Aadhaar number
3. Confirm that the digits entered by you are correct
4. On confirmation, it will show you the bank account linked to Aadhaar

On December 23, UIDAI tweeted the same information from its official account.

You can also check your Bank Account Linking status by dialing USSD code - *99*99*1##BankOnYourAadhaar #GoCashlessGoDigital pic.twitter.com/vTDh73YFNm

— Aadhaar (@UIDAI) December 23, 2016

The new case of data breach comes after a journalist exposed the loopholes in UIDAI’s security system. The journalist got unrestricted access to Aadhaar details of more than a billion citizens in just Rs 500.

The journalist got access to details such as name, address, postal code (PIN), photo, phone number and email. After payment of additional Rs 300, the journalist was provided with software to print the card of any individual.

Later, Unique Identification Authority of India (UIDAI) has denied any data breach in its security.

Calling the report of a data breach as ‘misreporting’, UIDAI said, “The Aadhaar data, including biometric information, are fully safe and secure”. 

In a series of tweets, however, UIDAI said the act could have been an instance of misuse of the grievance redressal search facility. It also said to take appropriate action against the person by tracing them.