Nadeem Sarwar
It appears that there is hardly an Aadhaar-linked document that is safe from data theft. Be it pregnancy details and medical history of women, identification details of children or information about beneficiaries of social schemes, hardly a day passes before another report of Aadhaar data leak surfaces. But the government always maintains that the Aadhaar data is safe.
However, we finally have an admission from government body EPFO (Employees’ Provident Fund Organisation) about a data theft related to Aadhaar seeding. EPFO has shut down its Aadhaar-seeding portal temporarily after revealing that hackers made away with some data.
Delhi-based independent journalist Arvind Gunasekar recently tweeted an image of a letter written by Central Provident Fund Commissioner, V. P. Joy, which mentioned that data has been stolen by hackers from the EPFO website.
EPFO data stolen by hackers exploiting the vulnerabilities prevailing in the website (https://t.co/ohpaCFwomY) : VP Joy, Central Provident Fund Commissioner to MeitY.
Aadhaar case in SC at the last stage, how will the Govt defend this now ? pic.twitter.com/yYQJ3qDiCh— Arvind Gunasekar (@arvindgunasekar) May 2, 2018
Addressed to the chief of Common Service Centre, a body which operates under the Ministry of Electronics & Information Technology, the letter said,“It has been intimated that the data has been stolen by hackers by exploiting the vulnerabilities prevailing in the website (aadhaar.epfoservices.com) of EPFO.” In the letter, Joy also asked for immediate deployment of a team to fix the two vulnerabilities in order to safeguard the confidential data of employees
The EPFO website contains details such as employee Aadhaar numbers, names, dates of birth, PAN and other information about employment history along with other personally identifiable information. According to a report, around 2.75 crore people have linked Aadhaar details with their EPF account, which gives an idea about the severity of the data theft.
The EPFO handles employee provident funds for all registered companies in India and if you are salaried employee, chances are you have an account under the EPFO. Employers typically match employee deductions under EPFO scheme, which is a savings instrument for salaried class in India.
#EPFO's statement on reports of data breach. EPFO says services rendered through MeitY's Common Service Centres have been discontinued w.e.f March 22. pic.twitter.com/iGPccpcGb7
— Aanchal Magazine (@AanchalMagazine) May 2, 2018
Despite the letter saying otherwise, EPFO has denied any data theft has occurred, clarifying that there is ‘nothing to be concerned’ regarding the letter circulating in the media. “No confirmed data leakage has been established or observed so far. As part of the data security and protection, EPFO has taken advance action by closing the server and host service through Common Service Centres pending vulnerability checks”, said EPFO in a press release published today. At the time of writing this article, EPFO’s Aadhaar seeding portal is still not functional.
