IndiaMy Aadhaar data was leaked. What remedies do I have?
If your Aadhaar data was leaked, you may file a complaint with the UIDAI, seek compensation under the Aadhaar Act, and approach civil or criminal courts depending on the nature of the breach.
What the Law Says
The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 governs the protection of Aadhaar data and provides remedies for unauthorized access or disclosure.
Under Section 38 of the Aadhaar Act, the Unique Identification Authority of India (UIDAI) must ensure the security and confidentiality of identity information and authentication records. It mandates 'reasonable security practices' to prevent data breaches.
Section 40 makes it illegal for any requesting entity (e.g., banks, telecom companies) to store, share, or publish Aadhaar numbers or biometrics — doing so attracts penalties.
Section 47 grants UIDAI the exclusive power to file complaints for offences under Sections 37–46. Individuals cannot directly file criminal complaints — they must report to UIDAI, which decides whether to prosecute.
Section 46 allows individuals to seek compensation from a court for loss caused by a violation — but only after UIDAI has filed a complaint or declined to do so.
Statutory TextThe Authority shall ensure security and confidentiality of identity information and authentication records.
— Aadhaar Act, s. 38 — Security and confidentiality of information
Statutory TextNo requesting entity shall retain, store or share the information collected during authentication.
— Aadhaar Act, s. 40 — Prohibition on retention of information
Statutory TextWhere any person is found guilty of an offence punishable under this Chapter, he shall be liable to a fine which may extend to ten crore rupees.
— Aadhaar Act, s. 47 — Offences and penalties
What Courts Have Said
Indian courts have affirmed that Aadhaar data leaks trigger statutory liability and recognized individuals’ right to privacy and redress.
The Supreme Court upheld the fundamental right to privacy as intrinsic to Article 21 and held that Aadhaar data must be protected rigorously; any breach violates constitutional rights.
The Court directed UIDAI to strengthen data safeguards and clarified that individuals affected by leaks may pursue civil remedies even where UIDAI declines prosecution.
What to Do
Immediately report the leak to UIDAI via its grievance portal (https://uidai.gov.in/grievance) or helpline (1947).
Request confirmation of complaint registration and ask for written acknowledgment under Section 47.
If UIDAI refuses to act or delays, file a civil suit under Section 46 seeking compensation for damages.
File an FIR with local police under IPC Sections 66C & 66D (identity theft and cheating by impersonation) if fraud occurred.
Approach the Consumer Forum if a service provider (e.g., bank, telco) caused the leak — claim deficiency in service.
Sources
Not legal advice. This article is general information based on publicly available sources, written for educational purposes. Laws change and individual situations vary. Consult a licensed attorney in your jurisdiction before acting on anything you read here. Last reviewed: 2026-06-08.