The website of Pradhan Mantri Kisan Samman Nidhi, better known as PM-Kisan, was found leaking the Aadhaar details of over 110 million farmers.
According to security researcher Atul Nair, who is volunteering at Kerala Police Cyberdome, the dashboard feature of the PM-Kisan website has an endpoint that was exposing Aadhaar numbers of all the farmers based on region.
Nair said that he was able to obtain a small sample of the exposed farmer data, including the associated Aadhaar numbers, from the PM-Kisan website. He provided the data to TechCrunch, which verified the information as authentic by matching the leaked data with individual information using the PM-Kisan website’s finder tool.
PM-Kisan is a government initiative that provides farmers in India with a minimum support income of Rs 6,000 per year. It uses farmers’ Aadhaar data for registration and further processes, such as direct benefit transfer (DBT).
Aadhaar is a unique 12-digit number assigned to an Indian citizen as part of the country’s identity database and is often required for availing government services. Even though the number is not secret by nature, unauthorized access could leave details like residential addresses, bank account details, and other important data exposed and prone to hacking.
The researcher said the leak could have affected more than 110 million farmers, which is also the total number of farmers registered with the PM-Kisan initiative.
The researcher informed the Indian Computer Emergency Response Team (CERT-In) about the leak on January 29, 2022. He received a response from the government agency providing a reference number and informing him that his report had been forwarded to the concerned authorities.
On May 28, Nair discovered that the issue was fixed. It is unclear whether the Aadhaar data of farmers was removed from the website or remained available as is during the period between January and May.