Employees Provident Fund Organisation (EPFO) had to shut down the portal after an alleged data breach which has exposed confidential user information of about 2.7 crore members registered with the retirement fund body.
The Central Provident Fund Commissioner V P Joy raised this issue on March 23. He immediately wrote a letter to the Ministry of Electronics and Information Technology, informing them about data stolen from the Aadhaar seeding portal of EPFO.
He asked the ministry’s technical team to plug vulnerabilities on the portal aadhaar.epfoservices.com, which links the Aadhaar number of employees with their provident fund accounts. This website now has been shut down.
“The web portal has been closed one-and-a-half months ago, immediately after a possible data theft was reported to us during a process of routine security check. There was some problem in the application run by CSC and it is not related to our data center that maintains the EPF accounts,” Joy told.
However, EPFO has said in their initial investigation, they have not found any evidence to confirm data leakage. “No confirmed data leakage has been established or observed so far. As part of the data security and protection, the EPFO has taken advance action by closing the server and host service through the CSC pending vulnerability checks,” it said in a statement.
Moreover, The Unique Identification Authority of India (UIDAI) said: “the matter does not pertain to any data breach from UIDAI server as the alleged data breach took place on a website that does not belong to it.”