Provident Fund portal hacked, 2.7 cr face data theft


New Delhi: The Employees’ Provident Fund Organisation has shut down its Aadhaar seeding website temporarily after confidential data of formal sector employees enrolled under the provident fund scheme was leaked, reported Business Standard on Wednesday. The Intelligence Bureau had informed the Ministry of Labour and Employment in March about the data theft.

The personal and professional details of about 2.7 crore members registered with the EPFO have been exposed to data theft. The Central Provident Fund Commissioner VP Joy had written to Common Service Centre CEO Dinesh Tyagi on March 23, warning him that data may have been stolen by hackers through the ‘aadhaar.epfoservices.com’ website, reported The Wire. Information such as the Aadhaar number, name, date of birth, father’s name, PAN and employment details is suspected to have been leaked.

The letter said that hackers had stolen data by “exploiting the vulnerabilities prevailing in the EPFO website.” “The [Intelligence Bureau] has advised adhering best practices and guidelines for securing the confidential data, re-emphasising regular and meaningful audit and vulnerability assessment and penetration testing of the entire system from competent auditors and testers.” Joy told Business Standard that the Aadhaar seeding website was closed more than a month ago immediately after the data theft was reported. “There was some problem in the CSC server and it is not related to our server.”

The EPFO, however, said that the data leak was not confirmed. In a press release, it said, “It is informed that warnings regarding vulnerabilities in data or software is a routine administrative process based on which the services which were rendered through Common Service Centres have been discontinued [with effect from] 22nd March 2018.”
