Security

What Happens to Your Aadhaar
and PAN If Your Phone Is Stolen?

Your phone holds access to your most sensitive identity documents. Here's what's actually at risk, what criminals can do with it, and exactly how to lock everything down before damage happens.

Last updated: June 2026 · 7 min read

Englishहिंदीతెలుగుதமிழ்ಕನ್ನಡമലയാളംमराठीবাংলাગુજરાતીଓଡ଼ିଆਪੰਜਾਬੀ

The real risk is identity misuse, not the phone itself

A thief who has your phone can access mAadhaar, DigiLocker, income tax portal, and UPI — all linked to your mobile number. Lock your biometrics and SIM first; everything else follows.

What Is Actually on Your Phone

Most Indians don't realise how much identity access a phone holds. Here's what a thief can reach if your screen is unlocked or they guess your PIN:

mAadhaar app

High risk

Stores your Aadhaar profile and QR code locally. A thief can share it to prove your identity for SIM replacement, hotel check-in, or financial account opening.

DigiLocker

High risk

Contains your PAN, driving licence, vehicle registration, and class X/XII certificates. Third-party apps connected to DigiLocker can pull this data.

Income Tax Portal (incometax.gov.in)

Medium risk

If saved in the browser, a thief can view your income, TDS, and bank account numbers linked for refunds.

UMANG app

Medium risk

Single app for EPF balance, pension, and government services — all linked to your Aadhaar and UAN.

Email / SMS

High risk

OTPs for resetting passwords of any linked service arrive here — making the phone a master key for everything else.

Step 1: Lock Your Aadhaar Biometrics (Do This First)

Locking your biometrics means no one can use your fingerprint or iris scan to authenticate as you — at banks, telecom stores, or Aadhaar-enabled payment systems (AEPS). You can do this from any browser on another device.

1

Go to myaadhaar.uidai.gov.in

Open on any browser — a family member's phone, tablet, or computer.

2

Click "Lock/Unlock Biometrics"

Under the "My Aadhaar" section. You'll need to verify with an OTP sent to your Aadhaar-registered mobile number — which is why blocking the SIM first matters.

3

Enter your Aadhaar number and verify

A 6-digit OTP is sent to your registered mobile. If you've already blocked your SIM, request a new SIM with the same number first, then do this.

4

Confirm biometric lock

Once locked, no fingerprint or iris authentication will work for your Aadhaar until you unlock it yourself.

You can also call UIDAI helpline 1947 (free, 24/7) to request an Aadhaar biometric lock.

Step 2: Revoke DigiLocker Access

DigiLocker lets third-party apps pull your documents with your consent. If your phone was logged in, those apps may still have access. Revoke them now.

Go to digilocker.gov.in on another device

Log in with your mobile number. OTP will go to your number — get the SIM replaced first if needed.

Go to Settings → Connected Apps

You'll see every app that has pulled your documents. Revoke access for any app you don't recognise or no longer use.

Change your DigiLocker PIN

Under Profile → Change Security PIN. Use a PIN different from your phone lock screen.

Check recent activity

Under Settings → Activity Log. Look for any document shares or logins you don't recognise.

Step 3: Protect Your PAN

Your PAN itself isn't directly vulnerable — it's a number, not a key. The risk is that a thief uses your PAN (visible in DigiLocker or email) combined with other identity documents to open a loan or financial account in your name.

🔑

Check for unknown ITR filings

Login to incometax.gov.in from another device and check if any return was filed or bank account was added without your knowledge.

🔑

Alert your bank

Inform your bank that your phone was stolen and your PAN may be compromised. Ask them to flag any new account openings with your PAN for manual review.

🔑

Check CIBIL / credit score

After a few days, check your credit report at cibil.com or through CRIF/Experian. New loan applications with your PAN will show up here as hard enquiries.

🔑

File a complaint if misused

If you see unknown loan applications or income tax activity, file at cybercrime.gov.in and the local police station.

What Can a Thief Actually Do With Your Aadhaar?

This is the question most people want answered honestly. The risk varies based on what the thief can access:

Show your Aadhaar QR at a hotel or to police

Possible but low harm

They can prove your identity if they have your mAadhaar. This is inconvenient but rarely used for serious fraud. Hotels don't open bank accounts.

Use Aadhaar-enabled biometric payment (AEPS)

High if not locked

AEPS lets someone withdraw money from your bank using just Aadhaar number + fingerprint. Locking biometrics blocks this entirely.

SIM swap at a telecom store with your Aadhaar

High

A thief with your Aadhaar QR and a fake matching face can attempt a SIM swap. Block your SIM first to prevent this window.

Open a new bank account or loan

Medium

Requires physical KYC with a live video or in-person visit. Harder to pull off, but possible with DigiLocker documents. Monitor your CIBIL report.

Key Helplines

1947

UIDAI / Aadhaar Helpline

1930

Cybercrime Helpline

14440

DigiLocker Support

1800-103-4786

Income Tax Helpdesk

Related Guides

UPI & Bank SafetyFirst 60 Minutes After TheftBlock Stolen Phone via IMEIHow to File an FIR