Speaking to PTI, Tyagi said that while the said application had been designed by the CSC, it was now hosted on EPFO data centres and servers. The EPFO shut down the website on March 22, urging the CSC to secure the confidential data of employees.
The report comes at a time when Aadhaar is embroiled in data breach allegations while also being at the centre of India's privacy debate. The Supreme Court is hearing a clutch of petitions challenging the Aadhaar Act and the use of biometric identifier in various government and non-government services.
Here is all you need to know about the EPFO data leak:
The basis of the EPFO data leak report:
The reports of the possible data theft are based on a letter purportedly written by EPFO Central Provident Fund Commissioner V P Joy to CSC CEO Dinesh Tyagi on March 23 flagging the data theft issue. “It has been intimated that the data has been stolen by hackers by exploiting the vulnerabilities in the website (aadhaar.epfoservices.com) of EPFO,” Roy wrote in the letter.
The incident, according to an earlier report
on Business Standard, came to light after the Intelligence Bureau (IB) informed the Labour and Employment Ministry in March about the data theft from the EPFO’s web portal.
What the EPFO said:
EPFO on Wednesday said no confirmed data leakage had been established
. "No confirmed data leakage has been established or observed so far. As part of the data security and protection, the EPFO has taken advance action by closing the server and host service through the CSC pending vulnerability checks," it said in a statement.
Why EPFO has suspended CSC services: While announcing the suspension of CSC services, the EPFO said the services were being discontinued on the basis of warnings regarding vulnerabilities in software. "Warnings regarding vulnerabilities in data or software is a routine administrative process based on which the services which were rendered through the CSC have been discontinued from March 22, 2018," EPFO had said.
What the UIDAI said:
The Unique Identification Authority of India (UIDAI), the Aadhaar-issuing body, said the matter does not pertains to any data breach from UIDAI
server as the alleged data breach took place on a website that does not belongs to it.
“This matter does not pertain at all to any Aadhaar data breach from UIDAI
servers,” it said in a press statement.
About the portal - aadhaar.epfoservices.com: The website, hosted at the National Data Centre for EPFO and managed by the CSC, used to help formal sector workers link their Aadhaar numbers with the EPFO’s universal account number (UAN) through CSC outlets. It also helped EPFO pensioners to submit their digital life certificates.