Data breach: UIDAI complaint against payments company

Bengaluru: In a first, a FIR has been lodged against the co-founder of Qarth Technologies Pvt. Ltd -  a payments company - for providing authentication and e-KYC API services in an unauthorised manner through a mobile application on the Google Play Store.

The complaint was lodged at the High Grounds police station on Wednesday against Abhinav Srivastava, who claims to be a hacker at Ola connected cars platforms, and Authentication User Agencies (AUA) and e-KYC User Agencies (KUA) who shared their licence key with him. The complaint was lodged by the Deputy Director of UIDAI, Ashok Lenin.  Lenin stated in the complaint that the accused developed a mobile application namely ‘mygov aadhaar e-kyc’ and was providing authentication and e-KYC API services in an unauthorised manner. The application, he said, was using authentication and e-KYC service of NIC in violation of the sections 29(2), 22 (4) and 14 (1) (a) of the Aadhaar Act 2016.

Lenin also said that the accused misled people by using ‘mygov’ along with the name of the app he had developed. “UIDAI had issued detailed instructions to all AUAs and KUAs regarding ensuring the security of the authentication process. According to instructions, the AUA and KUA were told not to allow any other agencies to perform authentication by sharing their licence key. The accused in connivance with some AUAs and KUAs has provided unauthorized authentication and e-KYC API service.”  The police said that the accused stored the Aadhaar details of the people and leaked them to other. The accused have been booked under 37, 38 and 29(2) of the Aadhaar Act 2016, sections 65 and 66 of the IT Act 2000 and sections 120(B), 468 and 471 of IPC.