07/01/2018 9:52 AM IST | Updated 07/01/2018 10:07 AM IST

FIR Registered Against The Tribune And It's Reporter For Aadhaar Data Breach Story

No freedom of press?

Bloomberg via Getty Images

A report on how just Rs 500 and 10 minutes could find you access to Aadhaar data has landed The Tribune newspaper and the reporter of the story in trouble, with an FIR being filed against Rachna Khaira and the newspaper by the Unique Identification Authority of India (UIDAI).

The Indian Express reported Joint Commissioner of Police (Crime Branch) Alok Kumar confirming that an FIR had been registered under Sections 419 (punishment for cheating by impersonation), 420 (cheating), 468 (forgery) and 471 (using as genuine a forged document) of the Indian Penal Code and Section 66 of the IT Act and Section 36/37 of the Aadhaar Act.

Not just the reporter and the newspaper, the FIR also names Anil Kumar, Sunil Kumar and Raj -- sources named in the story.

The Tribune story bore holes into the claims by the UIDAI that biometric data of millions of people in India was safe and that breaching such data not possible. Khaira had reported that anonymous sellers on WhatsApp were able to provide "unrestricted access to details for any of the more than 1 billion Aadhaar numbers" in exchange for just Rs 500.

The reason behind the FIR is apparently because of "criminal conspiracy" on part of those name in the FIR.

The Indian Express quoted the FIR as saying, "The above-mentioned persons have unauthorisedly accessed the Aadhaar ecosystem in connivance of the criminal conspiracy... The act of the aforesaid involved persons is in violation of (the various sections mentioned in the FIR)... Hence, an FIR needs to be filed at the cyber cell for the said violation."

The Tribune had reported that after a payment of Rs 300 through Paytm, a log in and a password was provided to them after which they could enter any Aadhaar number to get the details corresponding to it.

Despite the report, the UIADI has continued to insist that biometric data remains safe and that "mere display of demographic information can't be misused without biometrics."