Cyber criminals seem to have hacked the EPFO data which holds information like name, Aadhar card number, bank details of 2.7 Cr Indians. The vulnerabilities in Aadhar seeding with PF accounts may have been exploited to steal the data. The statement from the EPFO came amid reports of a letter allegedly written by EPFO Central Provident Fund Commissioner V P Joy to CSC’s CEO, Dinesh Tyagi on 23 March flagging the data theft issue.
The pension body claims of no data breach however the website aadhaar.epfoservices.com has been shut down. This site was functioned by CSC (Common Service Centre). EPFO claims that the services of CSC had been discontinued since March 22 due to warnings regarding vulnerabilities in their software infrastructure. The EPFO said: “Warnings regarding vulnerabilities in data or software are a routine administrative process, based on which the services which were rendered through CSC have been discontinued with effect from March 22, 2018. No confirmed data leakage has been established or observed so far. As part of the data security and protection, EPFO has taken advance action by closing the server and host service through CSC (Common Service Centre) pending vulnerability checks.”
“Each person contributes 12% of salary as provident fund, so salary details could also have been stolen. Also the bank account numbers as people tend to withdraw their PF,” said cybersecurity expert Anand Venkatnarayan.
Separately Aadhar issuing body UIDAI claims there is no data theft from their servers and their data is safe and secure. The EPFO is one of the many other government departments using CSC’s platform for Aadhar seeding various services. In February this year, UIDAI terminated its relationship with CSC and then in March EPFO. Is it just a mere coincidence? Or the CSC softwares are highly vulnerable to cyber attacks!?
Logix Infosecurity helps your organization deploy best tools to keep your company safe on the internet. We help you design a smart disaster recovery plan exactly suitable for your business requirements. It is always good to be prepared than regret later.