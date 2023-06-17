India is yet to recover from the shock of the alleged leak of personal details from CoWIN, an Indian government web portal for COVID-19 vaccination registration. How would the leak of personal information affect an individual? What precautionary measures should be adopted to ensure data security? This report is based on a discussion Malayala Manorama had with two experts in data security.

It is often asked what would hackers do with my data? Shouldn't only the rich fear the leak? Google already has all the information. What else is there to be leaked? These three are the frequently asked questions on data security. While some raise these questions out of ignorance, a few others ask them for the sake of argument.

The answers to these questions lie in the fake-loan scam carried out through the Indiabulls-owned Dhani app in February 2022. Several prominent personalities, including actor Sunny Leone, fell prey to the scam.

Many victims found unaccounted loans in their credit history. Several people received notices from recovery agents for defaulting on loans they had not taken. Their credit scores, too, dipped. Leone's credit score crashed for not repaying a fake loan of Rs 2,000.

Panic spread as the people could not identify the person or persons who had availed of loans using their details. Dhani later gave an explanation: "Fraudsters availed of loans using your PAN card and identification details.

There is no better answer to those who ask what would happen if PAN and personal other details are leaked. Data security is of utmost importance these days since even textile showrooms seek the customers' names and phone numbers.

CBIC issues warning

The Central Board of Indirect Taxes and Customs (CBIC) recently cautioned the public against sharing Aadhaar and PAN details. Fraudsters take the poor to Aadhaar Seva Kendras, collect fingerprints, and create fake entities with a different number, the CBIC said in an official media statement.

Once the Aadhaar-linked phone number is changed, the card's control will be on the other person. Meanwhile, the real owner won't realise the danger since the card is still with him/her. They won't even know that Aadhaar could be controlled using a mobile phone number.

Since the Aadhaar authentication SMSes go to the new phone number, the real owner would be in the dark about the activities carried out using the card.

In situations where OTP or biometric authentications are not required (for instance, checking into a hotel room) a fraudster could forge a fake entity using your name and number in identification documents such as Aadhaar.

The Union government recently said several shell companies used a single photograph to create multiple fake Aadhaar cards with different names to get fake GST registration. If any official agencies probe tax evasions, the unsuspecting owner will be in trouble.

Sharma's challenge

When data provided to CoWIN was shared over Telegram, several people searched for the Aadhaar number of RS Sharma, UIDAI's founding boss and now the Chief Executive Officer of the National Health Authority. Interestingly, a person from Meghalaya had used Sharma's number to register on CoWIN.

There is a story behind Sharma's Aadhaar number landing in the public domain. Sharma tweeted his Aadhaar number on July 28, 2018.

"My Aadhaar number is **** **** ****. Now I give this challenge to you: Show me one concrete example where you can do any harm to me," he dared.

The response was quick. Several people responded to Sharma's tweet after finding his mobile phone numbers, G-Mail address, Yahoo! address, residential address, date of birth, frequent flyer number, bank account numbers, and WhatsApp profile picture. Cyber security experts, who found that Sharma was using an iPhone, even sent money to his UPI ID.

Another person ordered a OnePlus-6 mobile phone to his residential address, in cash-on-delivery mode.

Sharma still stood his ground, asking if any harm had come to him. Realising that Sharma's act was snowballing into a controversy, the UIDAI stepped in and warned against publishing the Aadhaar number on social media.

If fraudsters get some personal details of an individual, they could dig into the internet for that person's complete information. With the details, they could blackmail or even impersonate for gains.

