Predictably, Aadhaar started as a voluntary program to tackle benefit fraud. Eventually it became mandatory for accessing welfare schemes. It was sold as financial inclusion, bringing banking and government services to India’s poorest citizens. It became a case study in the dangers of centralized biometric databases.

Hackers reportedly auctioned access to the entire database for $80,000, exposing data from 815 million citizens. Security researchers uncovered malicious patches allowing creation of fake Aadhaar numbers and remote bypassing of biometric verification. WhatsApp groups openly sold database access to operators across 300,000 villages. The system didn’t empower the poor, instead it handed their identities to cybercriminals on a silver platter.

The nightmare didn’t end there. Criminals cloned fingerprints with silicon moulds, hijacked biometric devices, and drained bank accounts through the Aadhaar-enabled payment system. This is the inevitable outcome of biometric databases at scale; they become irresistible targets. When your body becomes your password, a breach means permanent exposure. You can reset a password. You cannot reset your fingerprints.