The Unique Identification Authority of India’s (UIDAI’s) response to a The Tribune report last week that detailed an alleged data breach in the Aadhaar programme has moved from unsatisfactory to counterproductive. It has now filed a police complaint against the newspaper and reporter involved. Shooting the messenger will do little good.

There have been multiple allegations in the past of data security breaches in the programme. In April 2017, a government statement in the Rajya Sabha revealed UIDAI had cancelled and blacklisted 34,000 Aadhaar operators. Despite this, UIDAI has continued to function opaquely. For instance, in December 2016, it declined to give information related to breach of personal data in response to a Right to Information query.

The Aadhaar programme indeed has multiple potential benefits, as the government points out. But its expansion far beyond its original scope has raised the threat and consequences of data breaches considerably. Continued stonewalling and a failure to address concerns will not do.