The Employment Provident Fund Organisation (EPFO) in a statement has clarified that there has been no Aadhaar data leak from EPFO’s Aadhaar services. The provident fund body has also discontinued its services through the Common Service Centre (CSC) owing to pending vulnerability checks.
The response comes after a letter titled Secret was tweeted by @raydeep and @arvindgunasekar. The letter, addressed tothe CEO of Common Service Centre Dinesh Tyagi, was sent by Central Provident Fund Commissioner VP Joy. It spoke about data theft from the ICT Infrastructure of Aadhaar Seeding Services for EPFO.
According to the letter, Joy had been intimated about the data theft. It said that the hackers had stolen data from aadhaar.epfoservices.com, which is hosted by the CSC. The two vulnerabilities found were ‘strut vulnerabilities’ and ‘backdoor shells’.
The EPFO also added, “it is informed that warnings regarding vulnerabilities in data or software is a routine administrative process based on which the services which were rendered through Common Service Centres have been discontinued w.e.f. 22nd March 2018.”
The statement also said that services for Aadhaar seeding come under the Common Service Centre and not the EPFO and that therefore, EPFO’s data centre has nothing to do with it. Similarly, according to the Economic Times, the UIDAI has refused to be linked to the data leak.
As of now, the EPFO has shut down the servers as it takes another look at the security of the system.