Data security has become the latest buzz in town, and rightfully so. We entrust our important and vital information to many organisations, and if it is leaked, it definitely calls for introspection. While Aadhaar and Facebook continue to raise questions on data security, the latest data breach has come from EPFO (Employees’ Provident Fund Organisation).
The breach came to light through a letter circulated on Twitter. The letter, titled ‘Secret’ and dated March 23, was addressed to the CEO of Common Service Centre and claimed that hackers exploited vulnerabilities through aadhaar.epfoservices.com to steal data.
In its clarification letter, the EPFO has mentioned,
“It has been intimated that the data has been stolen by hackers by exploiting the vulnerabilities prevailing in the website (aadhaar.epfoservices.com) of EPFO,”
They further wrote,
“The IB has advised adhering to the best practices and guidelines for securing the confidential data, re-emphasising regular and meaningful audit and vulnerability assessment and penetration testing (CAPT) of the entire system from competent auditors and testers,”
As per the latest update, 27.5 Mn people have linked their Aadhaar card with their PF accounts. As per a report, possible data that has been leaked includes the unique identity numbers, demographic information and employment details of millions of formal sector employees.
However, to the general masses, EPFO has released a statement saying
“no confirmed data leakage” and “As part of the data security and protection, EPFO has taken advance action by closing the server and host service through Common Service Centres pending vulnerability checks.”
They further added,
“As such, there is nothing to be concerned about the news item. EPFO has been taking all necessary precautions and measures to ensure that no data leakage takes place and will continue to be vigilant about it in the future.”
With all these data security threats all around, only time will tell what remains safe to use for the end user with respect to both online and offline data sharing.