Global digital security firm Gemalto has apologised to the “people of India” for publishing an inaccurate report that claimed almost one billion Aadhaar records, including name, address and other personally identified information, were compromised during the first half of 2018.
“All concerned parties should take note that we have not been able to find any verified or substantiated data breach of Aadhaar data. As a result, Gemalto has withdrawn the data breach claim from the Breach Level Index Report,” Gemalto CEO Philippe Vallee said in a public notice issued on 27 October.
Gemalto said it updated its Breach Level Index Report 2018 and the error was corrected.
The original report and a subsequent press release issued in India on 15 October took into account an unverified news article about alleged Aadhaar data breach, Gemalto said.
“Gemalto is deeply regretful for releasing this unverified information in this report and failing to conduct sufficient due diligence prior to publishing the information,” the note said.
“We never intended to malign Aadhaar, India’s prestigious identity mission project, by unknowingly committing the mistake,” Valee added.
Gemalto said it would be launching an internal investigation and would take additional appropriate action internally.
The Breach Level Index is a global database of public data breaches. It tracks data breaches and measures their severity based on multiple dimensions, including the number of records compromised, the type of data, the source of the breach, how the data was used, and whether or not the data was encrypted.
By assigning a severity score to each breach, the Breach Level Index provides a comparative list of breaches, distinguishing data breaches that are not serious versus those that are truly impactful.
The Breach Level Index report 2018 revealed that 944 data breaches led to 3.2 billion data records being compromised worldwide in the first half of this year.