An officer with the Unique Identification Authority of India (UIDAI), the government authority that runs Aadhaar, initially told The Tribune, "Except the Director-General and I, no third person in Punjab should have a login access to our official portal. Anyone else having access is illegal, and is a major national security breach." However, it later released a statement denying a breach, saying The Tribune's article was "a case of misreporting" and assured that "there has not been any Aadhaar data breach." But in the same statement it admitted that The Tribune report was an "instance of misuse of the grievance redressal search facility," suggesting that sensitive data was in fact accessed. India's Bharatiya Janata Party, one of the country's two major political parties, called The Tribune's report "fake news."
BuzzFeed News got in touch with the person who allegedly sold The Tribune the admin access. The person said that they had paid around $95 for access themselves through a WhatsApp group and was told that they could then create as many usernames and passwords as they wished. Becoming an Aadhaar admin appears to allow you to create other admin accounts, a feature that seems like a fundamental flaw of the system. The person admitted to selling access to seven other people over the last week but said they didn't know they were breaking the law or compromising data security by doing so.
Many have been critical of the database, data from which has been exposed before, for its lack of security and this alleged breach has just added fuel to the fire. Meghnad S, spokesperson for India's online SpeakForMe.in movement, told BuzzFeed News, "In its hurry to make Aadhaar mandatory and not ensuring data safety, the government has allowed shady vendors to exploit this data for their own gains."