Employees’ Provident Fund Organization has highlighted data breach of about 2.7 crore members registered with the retirement fund body.
According to the media, the Central Provident Fund Commissioner has written a letter to the Ministry of Electronics and Information Technology stating that the hackers have theft data from the Aadhaar seeding portal of EPFO. He has also requested the ministry's technical team to plug vulnerabilities in the portal aadhaar.epfoservices.com which is now momentarily shut. The website links the Aadhaar number of employees with their provident fund accounts.
However, EPFO has denied any theft of data in media.
EPFO was quoted in media saying, "There is nothing to be concerned about and all necessary steps are being taken to assure that no data leakage takes place." It also mentioned that "The EPFO has taken advance action by closing the server and host service through the CSC pending vulnerability checks."
The Aadhar seeding portal is being managed by three agencies- EPFO, CSC, and UIDAI. All the three agencies have denied any theft of data. Dinesh Tyagi, CEO of CSC was quoted in media saying, “The concerned application is on the EPFO server and that the CSC did not have anything to do with the incident.”
According to reports, on March 22, the Intelligence Bureau, in a letter, warned the matter to Ministry of Labour and Employment. Following this, VEPFO’s Central Provident Fund Commissioner, V P Joy wrote to CSC CEO Dinesh Tyagi on March 23 pointing out the vulnerabilities in the seeding website, aadhaar.epfoservices.com.
The UIDAI, the nodal agency for the Aadhaar project, said, “The portal does not belong to UIDAI in any manner. This matter does not pertain at all to any Aadhaar data breach from UIDAI servers. There is no breach of Aadhaar database of UIDAI. Aadhaar data remains safe and secure.”
This is the second time in four months that the Aadhaar-seeding portal built for Employees’ Provident Fund Organisation (EPFO) is suspended after suspected security-related vulnerabilities.