EPFO suspends Aadhaar-linking of PF accounts after data leak scare

The Employees Provident Fund Organisation (FPFO) has suspended the services of Aadhaar-seeding of provident fund accounts done by Common Service Centre (CSC) "pending vulnerability checks", following reports of alleged data leak.

The retirement fund body on Wednesday said warnings regarding vulnerabilities in data is a routine administrative process, but maintained there was no data leak. It said there was nothing to be concerned about and that all necessary measures have been taken to ensure no data leakage.
The EPFO statement came amid reports of a letter purportedly written by EPFO Central Provident Fund Commissioner V P Joy to CSCs CEO, Dinesh Tyagi on 23 March flagging the data theft issue.
The issue of data theft was purportedly raised by Joy in his letter dated 23 March. "... it has been intimated that the data has been stolen by hackers by exploiting the vulnerabilities prevailing in the website (aadhaar.epfoservices.com) of EPFO...," reports cited the letter as saying.
While announcing the suspension of CSC services, the EPFO said, "Warnings regarding vulnerabilities in data or software is a routine administrative process based on which the services which were rendered through the CSC have been discontinued from March 22, 2018."
"No confirmed data leakage has been established or observed so far. As part of the data security and protection, the EPFO has taken advance action by closing the server and host service through the CSC pending vulnerability checks," it said in a statement.
Hackers are reported to have stolen subscriber data from aadhaar.epfoservices.com, a website operated by the CSC that comes under the ministry of electronics and IT.
EPFO has been seeding Universal Account (PF) numbers of its subscribers with Aadhaar to improve delivery of services. It has planned to go paperless by August this year by when all its services would be provided online.
The Aadhaar-issuing body, Unique Identification Authority of India (UIDAI), meanwhile, clarified that there was no data hacking from its servers, and asserted that the Aadhaar database "remains safe and secure".
Asked about EPFOs chiefs letter to CSC CEO, a top IT ministry official said that since vulnerability has been flagged, the ministry would take action to plug the gaps in case they exist.
"We will have it looked at. A vulnerability has been pointed out, and so we will (undertake) the exercise to plug the vulnerability, if it is there," said the official who did not wish to be named.