The director of treasuries department in Telangana, KSRC Murthy issued orders to remove the Aadhaar and bank account details of the pensioners from being publicly displayed on the website.
Sensitive personal data of over 2.5 lakh pensioners in Telangana, including their bank account number, Aadhaar number and other personal details was easily available to hackers on the State treasuries department website till Tuesday.
This, despite a circular being issued in March by UIDAI asking all State government departments to remove Aadhaar and biometric information of public from State government online portals in accordance with the Aadhaar Act.
The department took down the details after KhabarLive pointed out the data leak. Till then, just by typing out the name of a pensioner on the pensioner’s information portal of the website, anybody could access bank account details, phone numbers and other information. This portal also disclosed the pension amount credited to the beneficiary’s bank account.
One such information leaked by the portal was the Pension Payment Order (PPO) ID of the pensioner which could be used to generate a pensioner’s ID card.“I never share my bank account numbers even with my children and now they have put it up publicly. It’s not right on the department’s part to publish these details without our consent.
How does publishing of Aadhaar numbers and bank account numbers of pensioners help?” questioned a retired senior civil judge who did not wish to be named as his bank account, Aadhaar and other personal information was made available online.
The director of treasuries department, KSRC Murthy issued orders to remove the Aadhaar and bank account details of the pensioners from being publicly displayed on the website after Express pointed out the data leak. So far over 210 websites of both Central and State governments have leaked aadhaar data, replied UIDAI to a Right to Information (RTI) query in November 2017.
“It’s not dangerous if Aadhaar number alone is published. It’s only an issue if the biometric details are also made public,” defended Murthy. “The UIDAI had sent State government departments a circular specifically asking us not to share or upload Aadhaar biometric details and number. We have taken the corrective action and have removed these details,” he added.
“The pension ID card generation portal is used only by the service pensioners who need to provide their pension ID card along with Aadhaar number to avail other services. We are mulling ways to limit free access to this database,” he said.
The director opined that since most of these pensioners are above the age of 70, their details were uploaded so that the pensioner knows how much money he or she is availing. “Most of these pensioners, often are not in control of their own pensions, the aim of creating this portal was to empower them,” said Murthy.
Pension availing senior citizens are often a soft target for cyber criminals. In October 2017, Aadhaar details of nearly 300 people were stolen and their Aasara pension money swindled. The city police estimated around `40 lakh was swindled by a three-member gang from mid 2015.
The accused had used Aadhaar numbers to open bank accounts with fictitious names and addresses. “Just by having an Aadhaar number alone, a cyber criminal will not be able to do anything. It can only be misused when a combination of user information is made available online,” said U Ram Mohan Rao, Superintendent of Police, cyber crime, CID.
190 pensioners removed
Speaking about the benefits of linking Aadhaar numbers with pensioner details, director of treasuries, KSRC Murthy on Wednesday said that his department has been able to weed out 190 beneficiaries availing double pensions.
The department is now recovering back the pensions that were credited to these accounts. “In some cases, both the husband and wife will be pensioners and when one of them passes away the control of the bank account goes to the spouse. Thus one person ends up availing two pensions. #KhabarLive