Govt makes plans to recover lost UID data

[Erica Absetz <erica () riskbasedsecurity com>]

http://www.hindustantimes.com/India-news/Mumbai/Govt-makes-plans-to-recover-lost-UID-data/Article1-1049415.aspx

Confusion over loss of personal data of Aadhaar applicants has forced
the government to revise its e-Aadhaar portal.

The state's information technology department on Tuesday admitted that
'some data' (of around 1 lakh applicants) had been lost due to
decryption failure and loss of laptops. This means, many applicants
may have to re-enroll for the Unique Identification Number (UID) .

An official from the IT department said the state government was
trying to sort out the mess.

“The applicants who have not received their cards will have to first
verify from the e-Aadhaar portal [eaadhaar.uidai.gov.in] if their
number has been generated. If it is ready, the card can be downloaded
from anywhere. Applicants will have to apply again only if their
number has not been generated,” he said.

Government officials, however, clarified that applicants who have not
received their cards shouldn't re-apply immediately.

“It takes nearly four months to generate the Aadhaar card. We faced
problem in the first phase [February 2012], wherein nearly 5.1 lakh
cards of the 3.76 crore did not get delivered. The number is high in
the second phase as well, but this doesn't mean people have to
re-apply for the UID,” said the official.

According to state authorities, the lost data can't be misused as it
is highly encrypted. Nearly 10 cases of loss of laptops have been
registered in various parts of the state.

“This [loss of data and laptops] has happened across the country. The
number in Maharashtra is not as high as 3 lakh as it being reported.
The data of the applicants with the decryption failure will be
re-attempted and reviewed,” said Rajesh Aggarwal, secretary,
information technology department.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.