India Expands Digital Identity Use Amid Security and Privacy Concerns
Indian officials and agencies are pushing to broaden the use of digital identity in both public and private contexts, while explicitly raising cybersecurity and accountability concerns. In Hyderabad, Police Commissioner V.C. Sajjanar publicly argued that autonomous AI agents operating in critical sectors (e.g., banks, hospitals, power grids) should be issued a verifiable digital identity and be subject to strong logging and traceability so investigators can determine “which agent opened which file,” what changes were made, and where data was sent—framing the need as a safeguard against errors and the risk of cybercriminals hijacking agent behavior.
Separately, India’s UIDAI is expanding Aadhaar into more day-to-day use via a new Aadhaar app and an offline verification framework intended to reduce reliance on real-time checks against the central database, while enabling selective disclosure (e.g., proving age without sharing full birthdate). The initiative also extends Aadhaar into consumer ecosystems (including planned Google Wallet integration and discussions with Apple Wallet) and into operational deployments such as policing and hospitality—e.g., Ahmedabad City Crime Branch integrating Aadhaar-based offline verification with the PATHIK guest-monitoring platform—prompting critics to reiterate concerns about security, consent, and privacy as Aadhaar’s footprint grows.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
12 events from the most recent confirmed update back to the earliest known activity.
KKR and Singtel agree to buy remaining stake in STT GDC
KKR and Singtel agreed to acquire the remaining 82% of ST Telemedia Global Data Centres for $5.1 billion, increasing their ownership of the regional datacenter operator.
Ant Group and Indian authorities discuss linking Alipay with UPI
Reuters reported talks between Ant Group and Indian authorities about connecting Alipay and India's UPI system, a move that would create interoperability across payment networks with a combined user base of more than 1.5 billion.
Australian tribunal partly upholds challenge to Bunnings facial recognition ruling
A tribunal found Bunnings' in-store facial recognition use reasonable in light of stated security risks, but also found breaches of some privacy principles and ordered the company to stop those aspects.
China's central bank reinforces crypto ban and restricts tokenization
The People's Bank of China issued a new notice reaffirming its cryptocurrency ban, adding restrictions that make most real-world-asset tokenization illegal and banning stablecoins pegged to the Chinese currency.
Hyderabad police commissioner calls for digital IDs for AI agents
Hyderabad Police Commissioner V.C. Sajjanar publicly proposed issuing autonomous AI agents a digital identity and requiring comprehensive logging of their actions, citing safety and cybercrime risks.
Critics warn Aadhaar expansion raises privacy and accountability risks
Civil liberties and digital rights groups publicly warned that the broader Aadhaar rollout could worsen consent, security, accuracy, and redress problems while enabling renewed private-sector dependence on the system.
UIDAI opens discussions on Aadhaar support for Apple Wallet
Indian authorities are in discussions to bring Aadhaar to Apple Wallet, signaling further planned expansion of wallet-based identity use.
Google Wallet integration for Aadhaar is planned
UIDAI said Aadhaar support is planned for Google Wallet, extending the identity system's reach into additional consumer payment and credential platforms.
UIDAI expands Aadhaar into more private-sector and daily-life uses
UIDAI began positioning Aadhaar for broader use across hotels, housing societies, workplaces, platforms, payment devices, and mobile wallets, making the system more ubiquitous in everyday transactions.
UIDAI rolls out new Aadhaar app and offline verification framework
India's UIDAI introduced a new Aadhaar app and an offline verification system designed to let users prove identity without live queries to the central Aadhaar database, including selective disclosure features.
Samsung Wallet adds Aadhaar support
Before the latest rollout, UIDAI had already enabled Aadhaar support in Samsung Wallet, establishing an early wallet-based use case for the identity system.
India's Supreme Court limits private-sector use of Aadhaar
In 2018, India's Supreme Court restricted private companies from relying on Aadhaar for authentication, a limit critics say the current expansion may undermine.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Identity and Age Verification Security Risks Amid Rising Fraud and Regulatory Pressure
Identity and age verification controls are under strain as organizations expand remote onboarding and governments mandate stronger online age checks. Intellicheck’s analysis of nearly **100 million** cloud-based identity verification transactions in 2025 found an overall **97.85%** pass rate, but with significant variation by industry; failures were primarily driven by **expired IDs** (potentially indicating operational gaps, stolen credentials, or poor user hygiene) and **failed IDs** (often associated with attempted fraud and **synthetic identity** activity). Reported failure indicators included missing barcode authorization data, mismatches between barcode and printed fields, uploads that appear to be digital copies, and biometric mismatches between the presenter and the ID photo. In parallel, platforms and regulators are pushing broader deployment of online age assurance, raising privacy and security concerns about collecting and storing identity data at scale. Research cited in coverage of age verification initiatives (including Discord testing age checks and new requirements in the UK, France, and Australia) warns that expanded identity-data handling increases exposure to **breaches, identity theft, surveillance abuse, and discrimination**, even as it argues privacy-preserving approaches are feasible. Separately, Cisco’s *State of AI Security 2026* highlights that enterprises are rapidly integrating **agentic AI** into sensitive systems (ticketing, code repos, cloud dashboards) with limited security readiness; testing showed **multi-turn prompt-injection/jailbreak** techniques achieving up to **92%** success across eight open-weight models, underscoring the risk of automated workflows being steered into unsafe actions when agents have tool access and memory.
Mar 21, 2026
Digital Identity and Age-Verification Rollouts for Online Access
Organizations are expanding **digital identity verification** for online services, with one effort focused on privacy-preserving **age checks** and another on stronger identity proofing for access to U.S. government healthcare accounts. Ars Technica reported on the **OpenAge Initiative** and related “age key” technology, which stores proof-of-age signals locally using **FIDO passkey** concepts and shares them through an encrypted, double-blind exchange rather than exposing full identity data. The article says providers including **Incode, Persona, Socure, and Veratad**, along with platform participants such as **Meta** and **Konami**, are backing the model as platforms prepare for broader age-gating requirements. Separately, **CMS** expanded login options for **Medicare.gov**, allowing beneficiaries to verify identity through **ID.me, CLEAR, or Login.gov** under **NIST IAL2** standards to reduce fraud and unauthorized access. CMS said biometric checks used by some providers are limited to one-time identity verification with user consent, and that medical records remain in CMS systems while identity data is held separately by the selected provider. While both reports concern online identity assurance and user verification, they describe **different initiatives** with different operators, use cases, and security goals rather than a single incident or coordinated event.
Mar 21, 2026
Government Digital Identity Initiatives Expand via Mobile Wallets and Biometrics
UK and US government agencies are expanding digital identity programs, but with uneven adoption and growing scrutiny. In the UK, the Government Digital Service reported that just over **15,000** veterans have applied for a digital veterans ID since its October launch—under **1%** of the roughly **1.8 million** eligible former service members—highlighting slow uptake and limited utility compared with the physical Veteran Card. The digital credential is stored in the *GOV.UK One Login* app (planned to be rebranded as the *GOV.UK Wallet*), and currently has constrained use cases, including not being accepted as photo ID for domestic flights or for some veteran benefits, and not yet being usable online. In the US, Customs and Border Protection and the Transportation Security Administration are accelerating deployment of **facial biometric** identity verification for travelers, with CBP requiring biometric verification for **all non-citizens** entering or leaving the US (with US citizens able to opt out for manual checks). Officials described facial biometrics as foundational to vetting and border security operations, while lawmakers and civil society groups continue to raise privacy and civil-rights concerns; TSA’s use of facial recognition has also drawn oversight attention, including a Department of Homeland Security watchdog investigation. Together, the developments reflect a broader shift toward mobile and biometric identity systems, alongside adoption, usability, and governance challenges.
Mar 21, 2026