The Intelligence Bureau (IB) informed the Labour and Employment Ministry in March about the data theft from the EPFO’s web portal that links Aadhaar number of employees with their provident fund accounts. The possible data leak from the website includes employees' Aadhaar number, name, date of birth, father’s name, PAN, employment details, among others. However, the EPFO said it is still unaware of the nature of the data theft.
“It has been intimated that the data has been stolen by hackers by exploiting the vulnerabilities prevailing in the website (aadhaar.epfoservices.com) of EPFO,” central provident fund commissioner V P Joy wrote in a letter dated March 23 to Dinesh Tyagi, chief executive officer (CEO) at Common Service Centre (CSC) which is managing the website’s server.
The EPFO has shut down the website, urging the CSC to secure the confidential data of employees and plug in the vulnerabilities, the letter stated. “The IB has advised adhering best practices and guidelines for securing the confidential data, re-emphasising regular and meaningful audit and vulnerability assessment and penetration testing (CAPT) of the entire system from competent auditors and testers,” the letter stated.
