New Delhi, May 3: Following reports of data theft of about 2.7 crore people registered with retirement fund body Employees Provident Fund Organisation (EPFO), retirement fund body EPFO maintained that there was no data leak. According to media reports, Aadhaar details of over 2 crore members of the EPFO, who had linked their PF accounts to their Aadhaar numbers, was reportedly stolen by hackers in March this year.

Refuting the leak, EPFO said it has taken advance action by closing the server and host service through Common Service Centres pending vulnerability checks as part of the data security and protection. The body said that it has been taking all necessary precautions and measures to ensure that no data leakage takes place. "With regard to the news item being circulated in the social media platform that there has been vulnerabilities in the EPFO data, based on which a letter has been written to the Chief Executive Officer, Common Service Centre (CSC) to plug such vulnerabilities", the press release said.

The EPFO said the report is related to the services through CSC and not about EPFO software or data centre. "No confirmed data leakage has been established or observed so far. As part of the data security and protection, EPFO has taken advance action by closing the server and host service through CSC pending vulnerability checks," EPFO informed.

EPFO's statement comes against the backdrop of reports suggesting theft of data of subscribers by hackers from 'aadhaar.epfoservices.com', a website operated by Common Service Centre (CSC) that comes under the Ministry of Electronics and IT.

To recall, the retirement fund body has been seeding Aadhaar with Universal Account (PF)Numbers of its subscribers to improve delivery of services. It has planned to go paperless by August this year. Thus, all its services would be provided online also. When contacted, a senior IT ministry official was quoted by PTI saying that as a vulnerability has been pointed out, the ministry will take action to plug the gaps, in case they exist. "We will have it looked at. A vulnerability has been pointed out, and so we will (undertake) the exercise to plug the vulnerability if it is there," said the official who did not wish to be named.

The reports were based on a letter by EPFO Central Provident Fund Commissioner V P Joy to CEO of CSC, Dinesh Tyagi. The letter dated March 23 had a subject saying, “Data Theft from ICT Infrastructure of Aadhaar Seeding Service for Employees’ Provident Fund Organisation”.

The letter said, “You are requested to deploy immediately your Technical Team in order to plug in the identified as well as other vulnerabilities if any”. On Wednesday, the EPFO had discontinued Aadhaar-seeding portal services provided through Common Service Centre (CSC) "pending vulnerability checks" and ruled out any leakage of subscribers' data from a government website.

(The above story first appeared on LatestLY on May 03, 2018 09:16 AM IST. For more news and updates on politics, world, sports, entertainment and lifestyle, log on to our website latestly.com).