Employees Provident Fund Organisation shuts down Aadhaar seeding website after data leak
The Intelligence Bureau had informed the Ministry of Labour and Employment in March about the theft.
The Employees’ Provident Fund Organisation has shut down its Aadhaar seeding website temporarily after confidential data of formal sector employees enrolled under the provident fund scheme was leaked, reported Business Standard on Wednesday. The Intelligence Bureau had informed the Ministry of Labour and Employment in March about the data theft.
The Central Provident Fund Commissioner VP Joy had written to Common Service Centre CEO Dinesh Tyagi on March 23, warning him that data may have been stolen by hackers through the ‘aadhaar.epfoservices.com’ website, reported The Wire. Information such as the Aadhaar number, name, date of birth, father’s name, PAN, employment details are suspected to have been leaked.
The letter said that hackers had stolen data by “exploiting the vulnerabilities prevailing in the EPFO website.” “The [Intelligence Bureau] has advised adhering best practices and guidelines for securing the confidential data, re-emphasising regular and meaningful audit and vulnerability assessment and penetration testing of the entire system from competent auditors and testers.”
Joy told Business Standard that the Aadhaar seeding website was closed more than a month ago immediately after the data theft was reported. “There was some problem in the CSC server and it is not related to our server.”
The EPFO, however, said that the data leak was not confirmed. In a press release, it said, “It is informed that warnings regarding vulnerabilities in data or software is a routine administrative process based on which the services which were rendered through Common Service Centres have been discontinued [with effect from] 22nd March 2018.”
An unidentified official of the IT ministry official said that as a vulnerability has been pointed out, the ministry will take action to plug the gaps if they exist, reported The Financial Express.
The EPFO has issued 13 crore Universal Account Numbers so far to formal sector employees. It has linked 3.45 crore out of a total of 4.71 crore active provident fund accounts with Aadhaar.