EPFO Data Hack: If you are also taking advantage of EPFO Pension Scheme of Government of India, then this news can shock you. According to the report, the data of 28.8 crore EPFO pension scheme holders has been leaked.
EPFO Data Hack: If you are also taking advantage of EPFO Pension Scheme of Government of India, then definitely read this news. This news can give you a big shock. According to the INS report, Ukraine-based cyber security researcher and journalist has claimed that the Employees’ Provident Fund Organization (EPFO) has about 288 million (28.8 million) employees with full names, bank account numbers and nominee details of the Employees’ Pension Scheme (EPS) holders. crore) personal records were leaked online.
Account number and nominee details leaked
SecurityDiscovery.com’s director of cyber threats intelligence and journalist Bob Diachenko claimed that his system identified two different IPs with Universal Account Number (UAN) data. He wrote in a blogpost that an IP address is a unique address that identifies a device on the Internet or local network. IP stands for ‘Internet Protocol’. However, this data has been removed after the matter came to light.
At the same time, ‘UAN’ stands for Universal Account Number and it is an important part of the registry of the Government of India. UAN is allotted by EPFO.” Every record contains personal details, including marital status, gender and date of birth, UAN, bank account number and employment status, among others. The researcher claimed that “where an IP address 280 million (i.e. 28.8 crore) records were available under the IP address, while about 8.4 million (ie 84 lakh) data records were publicly exposed in the second IP address.
No data available now
Diachenko claimed, “Given the scale and apparent sensitivity of the data, I decided to tweet about it, without giving any details as to the source and related information.” Both IPs were taken down within 12 hours of my tweet and are no longer available. “Till August 3, I have not received any response from any agency or company claiming responsibility for the data received,” he said.
According to the security researcher, ‘Both the IPs were Azure-hosted and India-based.’ The security researcher said no other information was obtained even through reverse DNS analysis. Both Shodan and Censys search engines picked them up on August 1, but it is not known how long this information was exposed before the search engines indexed them.’ He also tweeted, ‘280M+ records in this Indian database, publicly exposed. Where to report? @IndianCERT?” He said that both the IPs have now been taken out of the public domain.
