{"id":42826,"date":"2018-05-03T19:26:42","date_gmt":"2018-05-03T13:56:42","guid":{"rendered":"https:\/\/apnlive.com\/?p=42826"},"modified":"2018-05-03T19:27:19","modified_gmt":"2018-05-03T13:57:19","slug":"epfo-shuts-aadhaar-seeding-portal-after-ib-alert-on-data-breach","status":"publish","type":"post","link":"https:\/\/apnlive.com\/india-news\/epfo-shuts-aadhaar-seeding-portal-after-ib-alert-on-data-breach\/","title":{"rendered":"EPFO shuts Aadhaar seeding portal after IB alert on data breach"},"content":{"rendered":"

A joke doing the rounds says that according to Modi government, everything from Defence Ministry website to the most sophisticated computer can be hacked, but not EVMs or Aadhaar data.<\/p>\n

That in fact sums up the response of the government and the joke has frequently been on the people with repeated reports of Aadhaar data breach.<\/p>\n

This time, confidential data on subscribers of the Employees\u2019 Provident Fund Organisation (EPFO) was found to have been stolen by hackers. The EPFO had to shut down the portal that was used to seed Aadhaar details with PF accounts.<\/p>\n

The matter came to light when a letter from EPFO Central Provident Fund Commissioner VP Joy surfaced on Twitter.<\/p>\n

According to a letter, which Joy wrote to Dinesh Tyagi, CEO of Common Service Centre (CSC) which managed the EPFO website with the data, Intelligence Bureau (IB) had informed the labour ministry in March about the data theft from the aadhaar.epfoservices.com website that helps link the Aadhaar numbers of subscribers with their EPF account numbers.<\/p>\n

The website had subscribers data related to their Aadhaar<\/a> number, Permanent Account Number or PAN, personal family and salary details.<\/p>\n

“It has been intimated that the data has been stolen by hackers by exploiting the vulnerabilities prevailing in the website (aadhaar.epfoservices.com) of EPFO,” Joy wrote in the letter to Tyagi, according to LiveMint.<\/p>\n

The letter said that the IB has advised adhering to “best practices and guidelines for securing the confidential data, re-emphasising regular and meaningful audit and vulnerability assessment and penetration testing of the entire system from competent auditors and testers stated.”<\/p>\n

“The web portal has been closed one-and-a-half months ago, immediately after a possible data theft was reported to us during a process of routine security check,” Joy told Business Standard Wednesday, May 2.<\/p>\n

“There was some problem in the application run by CSC and it is not related to our data centre that maintains the EPF accounts.”<\/p>\n

After the scare over the reported breach, the EPFO on Wednesday, May 3 said in a statement, “No confirmed data leakage has been established or observed so far. As part of the data security and protection, EPFO has taken advance action by closing the server and host service through Common Service Centres pending vulnerability checks.”<\/p>\n

However, Joy was reported as saying in an interview, “I don\u2019t know how my letter got leaked. We shall find out,” according to LiveMint. He said EPFO has “taken care of the vulnerabilities and soon after it was warned about the vulnerability of data it stopped availing services of the CSC.”<\/p>\n

The UIDAI also said that the breach wasn’t from its server.<\/p>\n

However, the government sources have now confirmed that details of PF accounts were compromised for “a few weeks,” before it was detected and the portal was taken down, reported the Huff Post.<\/p>\n","protected":false},"excerpt":{"rendered":"