EPFO discontinues services through Common Service Centre and claims that there was no Aadhaar data leak

The Employment Provident Fund Organisation (EPFO) in a statement has clarified that there has been no Aadhaar data leak from EPFO’s Aadhaar services. The provident fund body has also discontinued its services through the Common Service Centre (CSC) owing to pending vulnerability checks. [caption id=“attachment_4331399” align=“alignleft” width=“380”]  Representational image. CNN News18[/caption] The response comes after a letter titled Secret was tweeted by @raydeep and @arvindgunasekar. The letter, addressed tothe CEO of Common Service Centre Dinesh Tyagi, was sent by Central Provident Fund Commissioner VP Joy. It spoke about data theft from the ICT Infrastructure of Aadhaar Seeding Services for EPFO. According to the letter, Joy had been intimated about the data theft. It said that the hackers had stolen data from aadhaar.epfoservices.com, which is hosted by the CSC. The two vulnerabilities found were ‘strut vulnerabilities’ and ‘backdoor shells’. The EPFO also added, “it is informed that warnings regarding vulnerabilities in data or software is a routine administrative process based on which the services which were rendered through Common Service Centres have been discontinued w.e.f. 22nd March 2018.” The statement also said that services for Aadhaar seeding come under the Common Service Centre and not the EPFO and that therefore, EPFO’s data centre has nothing to do with it. Similarly, according to the Economic Times, the UIDAI has refused to be linked to the data leak. As of now, the EPFO has shut down the servers as it takes another look at the security of the system.  

Shocking letter of Central Provident Fund Commissioner Dr VP Joy @socialepfo to CSC, @GoI_MeitYto - EPFO data stolen by hackers exploiting the vulnerabilities in the website https://t.co/jpLUGuJmlr pic.twitter.com/ahnStQZ0aF

— Kirandeep Bhatia (@raydeep) May 2, 2018