As per media reports, the personal and professional details of about 2.7 crore members registered with the EPFO have been exposed to data theft.
Following media reports of the EPFO website being hacked, which put some 2.7 crore people’s personal and professional data under threat, the Ministry of Labour and Employment issued an official statement that no confirmed data leakage has been established or observed so far.
Following the reports, the Central Provident Fund Commissioner, VP Joy, had written to Common Service Centre CEO, Dinesh Tyagi, on March 23, warning him that data may have been stolen by hackers through the ‘aadhaar.epfoservices.com’ website.
Information such as the Aadhaar number, name, date of birth, father’s name, PAN and employment details is suspected to have been leaked.
The letter said that hackers had stolen data by “exploiting the vulnerabilities prevailing in the EPFO website.”
“The [Intelligence Bureau] has advised adhering best practices and guidelines for securing the confidential data, re-emphasising regular and meaningful audit and vulnerability assessment and penetration testing of the entire system by competent auditors and testers.”
In the statement, the Ministry said, “The news is relating to the services through common service centres and not about EPFO Software or data centre.”
However, as a corrective measure, EPFO has taken advance action by closing the server and host service through the Common Service Centres, pending vulnerability checks, as part of data security and protection. A letter has been sent to the chief executive officer, Common Service Centre (CSC), to plug such vulnerabilities.
EPFO claims to have been taking all necessary precautions and measures to ensure that no data leakage takes place, and that there is nothing to be concerned about. EPFO has been continuously monitoring the data and will continue to be vigilant in future too.
The EPFO statement further clarifies that warnings regarding vulnerabilities in data or software are a routine administrative process, based on which the services which were rendered through Common Service Centres have been discontinued.