INSUBCONTINENT EXCLUSIVE:
Authors: JordanThe Aadhaar seeding portal of EPFO has personal and professional details of its membersNew Delhi:
The personal and professional details of about 2.7 crore members registered with the retirement fund body Employees Provident Fund
Organisation (EPFO) have been exposed to data theft.In a letter to the Ministry of Electronics and Information Technology, the Central
Provident Fund Commissioner has written that hackers have stolen data from the Aadhaar seeding portal of EPFO
He has also asked the ministry's technical team to plug vulnerabilities on the portal aadhaar.epfoservices.com that has now been temporarily
shut. The portal links the Aadhaar number of employees with their provident fund accounts.In the letter marked "secret", the commissioner
wrote that the Intelligence Bureau (IB) had informed them of "hackers exploiting the vulnerabilities prevailing in the website
(aadhaar.epfoservices.com) of EPFO."Details of the scale of the breach are not known but the website contains information like the names and
addresses of EPF subscribers besides their employment history."Each person contributes 12% of salary as provident fund, so salary details
could also have been stolen
Also the bank account numbers as people tend to withdraw their PF," said cybersecurity expert Anand Venkatnarayan. Hackers exploiting
vulnerabilities, EPFO commissioner wrote to the governmentA total of 114 government websites were hacked between April 2017 and January
2018, the Ministry of Electronics and IT told Lok Sabha in March.On April 6, amidst reports that several websites including those of the
ministries of defence, home and law had been hacked, the government had dismissed them as hardware problems.Cyber security experts say
monitoring is a big issue with government websites."The reason why these breaches happen is that the government is always reactive instead
We never take security measures in initial stages
There should be a proper bug reporting mechanism also so that we can report to the government and they can secure their database," said
Kshitij Adlakha, CEO of Cybersecurity firm Secugenius."No confirmed data leakage has been established or observed so far
As part of the data security and protection, EPFO has taken advance action by closing the server and host service through CSC (Common
Service Centre) pending vulnerability checks, EPFO said in a statement.The head of the Computer Emergency Response team of the Ministry of
Electronics and IT, when contacted by , remained unavailable.The body that governs Aadhaar, UIDAI, has clarified that it has nothing to do
with the alleged data breach from aadhaar.epfoservices.com
"This matter does not pertain at all to any Aadhaar data breach from UIDAI servers
There is absolutely no breach into Aadhaar database of UIDAI
Aadhaar data remains safe and secure," it said.
