[zaptheimpaler]

This is a true story -

I went to a regional passport office to get my Aadhar card about 2 years ago. I sat in front of a desk with an employee - she was logged in to a website to that let her upload my picture/biometrics and info into the Aadhar system. The desk had a post-it 3 feet away from me with the login username/password written on it.

Since the operators also need to verify biometrically to login, that alone wouldn't be enough to hack it. But if you think about the general level of understanding of IT among the public, and probably even the people who wrote the software, its pretty unsurprising to see it hacked.

Even so, I don't think its really possible for a huge entity like the government (or even a large company) to learn all the practices around security/technology without making mistakes and learning under situations with real consequences. As long as they learn from these mistakes and accept failure, rather than trying to cover them up, we will get there in time.