2.7 crore EPFO members exposed to data theft

The Aadhaar seeding portal has been shut down after confidential data was stolen. Here’s what you need to know

EPFO accounts exposed to data theft

In what may be seen as a classic example of locking the stable door after the horse has bolted, the chief of the EPFO (Employees’ Provident Fund Organisation) has asked the technical team at the centre to plug any leaks in the EPFO database as well as the Aadhaar seeding portal that links PF accounts to Aadhaar.

The facts

NDTV and The Telegraph have reported hacking of data from the portal that linked Aadhaar numbers to PF accounts of registered members, which has rekindled interest in the linking of Aadhaar with various accounts held by Indian citizens.

Some hackers allegedly hacked into data from the portal that linked Aadhaar numbers to PF accounts, making away with personal as well as professional details of more than 2 crore registered members. The Intelligence Bureau (IB) had apparently informed the PF authorities that hackers were exploiting database vulnerabilities on the website.

An individual registered for Provident Fund contributes a percentage of their salary each month towards their retirement fund. Since salaries are linked to PF, it is possible that salary, employment, and bank account details too may have been compromised.

Related: How to check your EPF Balance [Infographic]

NDTV reports that more than a hundred government sites have been hacked in the past year. According to reports, monitoring government websites is a herculean task and the government is not being proactive enough when it comes to cybersecurity. 

 

The EPFO has shut down its server pending an investigation and vulnerability check while the Unique Identification Authority of India (UIDAI) has washed its hands clean claiming there’s no substance in the allegation. It also claimed that there’s been no breach in its database, and it has no involvement in the matter whatsoever, thereby putting the onus of any breach squarely on the shoulders of the EPFO.

Related: EPF interest rate falls to a five-year low of 8.55% 

The Repercussions

If it proves to be more than a rumour, the repercussions of the breach can be far-reaching. Having the Aadhaar number alone can facilitate a lot of fraud, including access to mobile data, bank accounts, and other personal and professional information that can directly impact the individual and even land them in financial trouble or bankruptcy. 

If the Aadhaar number is coupled with PF and/or even one bank account, it can spell disaster for the concerned individual, given the connectivity afforded by linking Aadhaar to all accounts. In a country where half the people live below the poverty line, the worst affected will be the middle class who depend on their income for day-to-day needs and rely on their PF to support them in their old age.

Related: Retirement Planning: 55% of senior citizens regret not saving enough for retirement 

Conclusion

According to The Financial Express, the UIDAI claims the report is a rumour spread by people with ‘vested interests’. The Telegraph, on the other hand, cites a letter written to Dinesh Tyagi, CEO of CSC (Cyber Security Cell) – also cited by NDTV – stating that the IB had warned the EPFO that hackers are attempting a breach. 

Rumour or not, linking all accounts to a single number – Aadhaar – can be risky. While the introduction of Aadhaar was a futuristic step, it was perhaps a hasty one and taken without accounting for security. The full and far-reaching effects of this step and those that followed are yet to be seen. In the meantime, let’s put our best efforts and try to make a better tomorrow for our country.

Related Article