EPFO discontinues services through CSC, pending vulnerability checks

EPFO

Retirement fund body EPFO has said it has discontinued services provided through Common Service Centre “pending vulnerability checks” and ruled out any leakage of subscribers data from a government website. EPFOs statement comes against the backdrop of reports suggesting theft of data of subscribers by hackers from aadhaar.epfoservices.com, a website operated by Common Service Centre (CSC) that comes under the Ministry of Electronics and IT.

The reports were based on a letter by EPFO Central Provident Fund Commissioner V P Joy to CEO of CSC, Dinesh Tyagi.

“Warnings regarding vulnerabilities in data or software is a routine administrative process based on which the services which were rendered through CSC have been discontinued from March 22, 2018,” said an EPFO statement issued after the report went viral.

It said the report is related to the services through CSC and not about EPFO software or data centre.

“No confirmed data leakage has been established or observed so far. As part of the data security and protection, EPFO has taken advance action by closing the server and host service through CSC pending vulnerability checks,” EPFO said.

It said there is nothing to be concerned about and EPFO has been taking all necessary measures to ensure that no data leakage takes place and will continue to be vigilant about it in the future.

The retirement fund body has been seeding Aadhaar with Universal Account (PF) Numbers of its subscribers to improve delivery of services. It has planned to go paperless by August this year. Thus, all its services would be provided online also.

When contacted, a senior IT ministry official said that as a vulnerability has been pointed out, the ministry will take action to plug the gaps, in case they exist.

“We will have it looked at. A vulnerability has been pointed out, and so we will (undertake) the exercise to plug the vulnerability, if it is there,” said the official who did not wish to be named.