Employees Provident Fund portal compromised; Aadhaar the weakest link yet again

Amidst reports of confidential user data being compromised on the EPFO portal, the government retaliated with its sure-fire hack remedy – by taking the site offline.


User data of close to 2.7 crore people registered with the Employees Provident Fund Organization (EPFO) have been exposed to possible data theft.

The EPFO, while ruling out a data breach, declared that it has discontinued services on the Common Service Centre (CSC), stating “pending vulnerability check” as the reason.

The EPFO Commissioner, in a statement to Business Standard, said that immediately following a report of a possible data theft, the web portal was shut down. (Don’t bother clicking the link – the site, in all probability, is still offline).
The portal was used to link users’ Aadhaar information to their EPF accounts. The Commissioner also directed the ministry's technical team to plug vulnerabilities on the portal.

However, the EPFO, in a statement issued on May 2, said that a data breach hasn’t been confirmed or observed so far. The statement goes on to say that, as part of data security and protection, the EPFO has taken advance action by closing the server and host service through the CSC, pending vulnerability checks.

Although the EPFO stood its ground regarding the possibility of data leakage, the fact that CSC services have been suspended since March 22 stands out like a sore thumb.