Wednesday, Sep 30, 2020 | Last Update : 02:31 PM IST

189th Day Of Lockdown

Maharashtra1351153104994735751 Andhra Pradesh6811616123005745 Tamil Nadu5863975307089383 Karnataka5824584697508641 Uttar Pradesh3908753312705652 Delhi2730982407035272 West Bengal2505802198444837 Odisha212609177585866 Telangana1872111564311107 Kerala179923121264698 Bihar178882164537888 Assam169985139977655 Gujarat1332191132403417 Rajasthan1288591077181441 Haryana1237821059901307 Madhya Pradesh117588932382207 Punjab107096840253134 Chhatisgarh9856566860777 Jharkhand7770964515661 Jammu and Kashmir69832495571105 Uttarakhand4533233642555 Goa3107125071386 Puducherry2548919781494 Tripura2412717464262 Himachal Pradesh136799526152 Chandigarh112128677145 Manipur9791760263 Arunachal Pradesh8649623014 Nagaland5768469311 Meghalaya5158334343 Sikkim2707199431 Mizoram178612880
  India   All India  03 May 2018  EPFO suspends services with Aadhaar seeding platform, says no data leakage

EPFO suspends services with Aadhaar seeding platform, says no data leakage

PTI
Published : May 3, 2018, 10:59 am IST
Updated : May 3, 2018, 10:59 am IST

EPFO said there is nothing to be concerned about and all necessary measures are being taken to ensure that no data leakage takes place.

The statement from the retirement fund body comes amid reports of a letter purportedly written by EPFO Central Provident Fund Commissioner VP Joy to CSC's CEO, Dinesh Tyagi on March 23 flagging the data theft issue. (Photo: File)
 The statement from the retirement fund body comes amid reports of a letter purportedly written by EPFO Central Provident Fund Commissioner VP Joy to CSC's CEO, Dinesh Tyagi on March 23 flagging the data theft issue. (Photo: File)

New Delhi: Services pertaining to Aadhaar-seeding with PF accounts done by Common Service Centre (CSC) have been suspended "pending vulnerability checks", Employees Provident Fund Organisation (EPFO) said on Wednesday but maintained that there was no data leakage.

The statement from the retirement fund body came amid reports of a letter purportedly written by EPFO Central Provident Fund Commissioner VP Joy to CSC's CEO, Dinesh Tyagi on March 23 flagging the data theft issue.

 

While announcing the suspension of CSC services, the EPFO said, "Warnings regarding vulnerabilities in data or software is a routine administrative process based on which the services which were rendered through the CSC have been discontinued from March 22, 2018."

The EPFO said there is nothing to be concerned about and that all necessary measures are being taken to ensure that no data leakage takes place.

"No confirmed data leakage has been established or observed so far. As part of the data security and protection, the EPFO has taken advance action by closing the server and host service through the CSC pending vulnerability checks," it said in a statement. The retirement fund body's statement came after reports had suggested theft of data of subscribers by hackers from 'aadhaar.epfoservices.com', a website operated by the CSC that comes under the Ministry of Electronics and IT. The issue of data theft was purportedly raised by Joy in his letter dated March 23.

 

"... it has been intimated that the data has been stolen by hackers by exploiting the vulnerabilities prevailing in the website (aadhaar.epfoservices.com) of EPFO...," the purported letter had said.         

The retirement fund body has been seeding Aadhaar with Universal Account (PF) numbers of its subscribers to improve delivery of services. It has planned to go paperless by August 2018 and then all its services would be provided online. Separately, Aadhaar-issuing body, Unique Identification Authority of India (UIDAI) clarified that there is no data compromise from its servers, and asserted that the Aadhaar database "remains safe and secure".

 

Asked about EPFO's chief's letter to CSC CEO, a top IT ministry official said that since vulnerability has been flagged, the ministry would take action to plug the gaps in case they exist.

"We will have it looked at. A vulnerability has been pointed out, and so we will (undertake) the exercise to plug the vulnerability, if it is there," said the official who did not wish to be named.

When contacted by news agency PTI, CSC CEO Dinesh Tyagi emphasised that while the said application had been designed by the CSC, it is now hosted on EPFO data centres and servers.

"It is now fully under EPFO's control... the (web) application has also been security audited by an empanelled auditor. But since the vulnerability has been pointed out, we are getting it audited by another auditor, and will send the report to the EPFO," Tyagi said.

 

The report of the data leak and alleged data vulnerability comes at a time when a Constitutional bench of the Supreme Court is hearing a clutch of petitions challenging the Aadhaar Act and the use of biometric identifier in various government and non-government services.

Tags: epfo, data breach
Location: India, Delhi, New Delhi