New Delhi: Reports emerged on Wednesday morning that retirement fund body EPFO’s portal has been hacked and subscriber details have been stolen, flagging data security concerns.
The Employee Provident Fund Organisation (EPFO) suspended services pertaining to Aadhaar-seeding with PF accounts done by Common Service Centres (CSC) “pending vulnerability checks” but said there was no data leak.
What flagged data theft concerns was a letter written by EPFO central provident fund commissioner VP Joy to CEO of CSC Dinesh Tyagi on March 23. The veracity of the letter could not be verified by FC. “It has been intimated that the data has been stolen by hackers by exploiting the vulnerabilities prevailing in the website (aadhaar.Epfoservices.Com) of EPFO...” Joy is said to have written.
The EPFO said: “Warnings regarding vulnerabilities in data or software is a routine administrative process based on which the services which were rendered through the CSC have been discontinued from March 22, 2018.”
The EPFO said there is nothing to be concerned about and that all necessary measures are being taken to ensure that no data leakage takes place.
“No confirmed data leakage has been established or observed so far. As part of the data security and protection, the EPFO has taken advance action by closing the server and host service through the CSC pending vulnerability checks,” it said in a statement.
The EPFO has been seeding Aadhaar with Universal Account (PF) numbers of its subscribers to improve delivery of services. It has planned to go paperless by August this year and then all its services would be provided online.
“We will have it looked at. A vulnerability has been pointed out, and so we will (undertake) the exercise to plug the vulnerability, if it is there,” PTI quoted an official as saying.