EPFO higher pension link online: Who should apply and who should not? - Karma Global

Cyber threat threatens EPFO pension data of 288 million subscribers

Posted Date: 4th August 2022

Relating to which Act: The Employees Provident Funds & Miscellaneous Provisions Act, 1952

Type: ET Government News

Pertains to employer and employee.


Relevance of this news: Karma Management Global Consulting Solutions Pvt. Ltd has been in the business of Payroll, Outsourcing, and Regulatory Compliances since its inception in 2004. Since then, with experts on its rolls, it has brought in many efficiencies and technological upgrades to ease the hassles of Payroll Processing, Temp Staffing On-boarding, and Regulatory and Payroll compliance services by providing customized solutions.


Karma Management has been handling PF-related compliances for hundreds of clients, which includes taking care of the PF pension scheme. It processes thousands of employees' data on its internal payroll software for its clients, and its expert staff also work on the EPFO portal to download relevant data and to make payment of contributions as per the regulatory PF Act.


This is only a claim made by some unknown agency, which the EPFO has to verify. Until then, this is to be looked at only as a passing news item, and we do not support the same.


Subject: Cyber threat threatens EPFO pension data of 288 million subscribers



In the latest data breach claims, a Ukraine-based cybersecurity researcher has claimed that about 288 million personal records, containing the name, bank account number, and nominee information of Employees' Pension Scheme (EPS) holders in the Employees' Provident Fund Organisation (EPFO), were exposed to cyber criminals before being pulled off the Internet.

The claims about the data exposed online are yet to be verified by the EPFO, national cyber agency CERT-In or the IT Ministry.

According to Bob Diachenko, a cyber threat intelligence director at SecurityDiscovery.com, the cyber tracking system has recently identified two separate IPs with Universal Account Number (UAN) data.

An IP address is a unique address that identifies a device on the internet or a local network. IP stands for 'Internet Protocol.' UAN stands for Universal Account Number, and it is an important part of the Indian government registry. UAN is allotted by EPFO.

As per reports, each record contained personal information, including marital status, gender, date of birth, UAN, bank account number, and employment status, amongst others.

While 280 million records were available under one IP address, the other IP address had about 8.4 million data records publicly exposed, claimed the researcher.

“Given the scale and obvious sensitivity of data, I decided to tweet about it, without giving any details as of source and associated info. Within 12 hours after my tweet both IPs were taken down and now unavailable,” Diachenko claimed.

“As of August 3rd, I did not hear back from any agency or company who would claim responsibility for the data found,” he said, adding that both IPs were Azure-hosted and India-based.

(With agency inputs)
