It appears that there is hardly an Aadhaar-linked document that is safe from data theft. Be it pregnancy details and medical history of women, identification details of children or information about beneficiaries of social schemes, hardly a day passes before another report of Aadhaar data leak surfaces. But the government always maintains that the Aadhaar data is safe.
However, we finally have an admission from government body EPFO (Employees’ Provident Fund Organisation) about a data theft related to Aadhaar seeding. EPFO has shut down its Aadhaar-seeding portal temporarily after revealing that hackers made away with some data.
Delhi-based independent journalist Arvind Gunasekar recently tweeted an image of a letter written by Central Provident Fund Commissioner, V. P. Joy, which mentioned that data has been stolen by hackers from the EPFO website.
Addressed to the chief of Common Service Centre, a body which operates under the Ministry of Electronics & Information Technology, the letter said,“It has been intimated that the data has been stolen by hackers by exploiting the vulnerabilities prevailing in the website (aadhaar.epfoservices.com) of EPFO.” In the letter, Joy also asked for immediate deployment of a team to fix the two vulnerabilities in order to safeguard the confidential data of employees
The EPFO website contains details such as employee Aadhaar numbers, names, dates of birth, PAN and other information about employment history along with other personally identifiable information. According to a report, around 2.75 crore people have linked Aadhaar details with their EPF account, which gives an idea about the severity of the data theft.
The EPFO handles employee provident funds for all registered companies in India and if you are salaried employee, chances are you have an account under the EPFO. Employers typically match employee deductions under EPFO scheme, which is a savings instrument for salaried class in India.
Despite the letter saying otherwise, EPFO has denied any data theft has occurred, clarifying that there is ‘nothing to be concerned’ regarding the letter circulating in the media. “No confirmed data leakage has been established or observed so far. As part of the data security and protection, EPFO has taken advance action by closing the server and host service through Common Service Centres pending vulnerability checks”, said EPFO in a press release published today. At the time of writing this article, EPFO’s Aadhaar seeding portal is still not functional.