By now, my regular readers have likely all seen reports of data breaches where biometric data were stolen or hacked, such as the OPM breach where 5.6 million employees’ fingerprints were also acquired by suspected state actors or state-sponsored hackers. But a news report out of India shows how biometric data may be part of a criminal conspiracy there. And perhaps, not surprisingly, that conspiracy involves Aadhaar biometric data. Indian officials have continued to tout the security of Aadhaar data despite scattered reports over the past few years identifying claimed data breaches.
The following report by Yagnesh Bharat Mehta suggests that there may be some insider-wrongdoing going on, but it’s really not clear yet how the criminals are acquiring the biometric data and the beneficiaries’ details:
The police busted on Saturday a ring involved in using stolen biometric data and arrested two fair price shop owners.
“The accused were using a software that contained ration card numbers, Aadhaar card numbers and biometric thumb impressions of PDS beneficiaries. They used the details to create fake records of food grain sale. We are investigating from where the accused purchased the software, who developed it and who supplied the data,” said R Sarvaiya, assistant commissioner of police, detection of crime branch.
[…]
The software, with bulk data of beneficiaries, was available for Rs 15,000 [USD $233.85], police officials said. They believe that there is a bigger racket in stolen biometric details at play.
Read more on Times of India.
(Link corrected post-publication)