EPFO suspends CSC services amid fears of subscriber data leak

EPFO in a statement ruled out theft of subscriber data from ‘aadhaar.epfoservices.com’, a website operated by the Common Service Centre but said it was suspending services pending vulnerability checks.

india Updated: May 02, 2018 18:42 IST
File photo of employees provident fund organisation head office. (LiveMint photo)

Retirement fund body Employees’ Provident Fund Organisation (EPFO) on Wednesday said it has discontinued services provided through Common Service Centre (CSC) “pending vulnerability checks” and ruled out any leakage of subscribers’ data from a government website.

EPFO’s statement comes against the backdrop of reports suggesting theft of data of subscribers by hackers from ‘aadhaar.epfoservices.com’, a website operated by Common Service Centre (CSC) that comes under the ministry of electronics and information technology.

The reports were based on a letter by EPFO Central Provident Fund Commissioner VP Joy to CEO of CSC, Dinesh Tyagi.

“Warnings regarding vulnerabilities in data or software is a routine administrative process based on which the services which were rendered through CSC have been discontinued from March 22, 2018,” said an EPFO statement issued after the report went viral.

It said the report is related to the services through CSC and not about EPFO software or data centre.

“No confirmed data leakage has been established or observed so far. As part of the data security and protection, EPFO has taken advance action by closing the server and host service through CSC pending vulnerability checks,” EPFO said.

It said there is nothing to be concerned about and EPFO has been taking all necessary measures to ensure that no data leakage takes place and will continue to be vigilant about it in the future.

The retirement fund body has been seeding Aadhaar with Universal Account (PF) Numbers of its subscribers to improve delivery of services. It has planned to go paperless by August this year. Thus, all its services would be provided online also.

When contacted, a senior IT ministry official said that as a vulnerability has been pointed out, the ministry will take action to plug the gaps, in case they exist.

“We will have it looked at. A vulnerability has been pointed out, and so we will (undertake) the exercise to plug the vulnerability, if it is there,” said the official who did not wish to be named.

(This story has been published from a wire agency feed without modifications to the text. Only the headline has been changed.)