Indian officials in charge of a controversial biometric identity scheme have filed a police complaint after a report that citizens’ personal details were being sold for as little as 500 rupees ($7.8) online.

The Unique Identification Authority of India (UIDAI) wants a probe into “unauthorised access” to its database.

But it said biometric data was safe.

The Tribune newspaper claimed that it bought user details via an “agent” advertising his services on WhatsApp.

The report is the latest revelation against the UIDAI biometric system known as Aadhaar, which means foundation.

It said that once it paid the “agent”, its reporters were given a username and password that allowed them to enter any Aadhaar number into the UIDAI website and get access to user information including name, address, photo, phone number and email address.

The report added that payment of a further 300 rupees provided “software” that allowed them to print out any Aadhaar card for which they had the number.

The UIDAI says the breach seems to be a misuse of a grievance redressal scheme that allowed Aadhaar agents to rectify issues like a change in address and wrong spelling of a person’s name.

However, it added that the scheme did not grant access to people’s biometric details.

The revelations in the report made headlines in India, with many on social media expressing concern over the security of their personal data.