Sensitive data of 288 million EPFO pension scheme holders exposed online, claims security researcher

The security researcher's claim about the data exposed online was yet to be verified by the EPFO, national cyber agency CERT-In or the IT Ministry. Bob Diachenko, cyber threat intelligence director and journalist at SecurityDiscovery.com, claimed that their systems identified two separate IPs with Universal Account Number (UAN) data.

Sensitive data of 288 million EPFO pension scheme holders exposed online, claims security researcher
While 280 million records were available under one IP address, the other IP address had about 8.4 million data records publicly exposed, claimed the researcher. Pic: epfindia.gov.in

A Ukraine-based cybersecurity researcher and journalist has claimed that about 288 million personal records, containing the full name, bank account number and nominee information of the Employees' Pension Scheme (EPS) holders in the Employees' Provident Fund Organisation (EPFO), were exposed online before being taken off the Internet.

The security researcher's claim about the data exposed online was yet to be verified by the EPFO, national cyber agency CERT-In or the IT Ministry.

Bob Diachenko, cyber threat intelligence director and journalist at SecurityDiscovery.com, claimed that their systems identified two separate IPs with Universal Account Number (UAN) data.

An IP address is a unique address that identifies a device on the internet or a local network. IP stands for "Internet Protocol."

"UAN stands for Universal Account Number and this is an important part of the Indian government registry. UAN is allotted by EPFO, he wrote in a blogpost.

Each record contained personal information, including marital status, gender and date of birth, UAN, bank account number and employment status, among others.

While 280 million records were available under one IP address, the other IP address had about 8.4 million data records publicly exposed, claimed the researcher.

"Given the scale and obvious sensitivity of data, I decided to tweet about it, without giving any details as of source and associated info. Within 12 hours after my tweet both IPs were taken down and now unavailable," Diachenko claimed.

"As of August 3rd, I did not hear back from any agency or company who would claim responsibility for the data found," he added.

According to the security researcher, "both IPs were Azure-hosted and India-based".

"No other information was obtained through reverse DNS analysis as well. Both Shodan and Censys search engines picked them up on August 1st, but it is unknown for how long this information was exposed before search engines indexed them," the security researcher said.

He also tweeted: "[BREACH ALERT] 280M+ records in this Indian database, publicly exposed. Where to report? @IndianCERT?"

Both the IPs have now been taken down from public domain, he informed.

Get Latest Business News, Stock Market Updates and Videos; Check your tax outgo through Income Tax Calculator and save money through our Personal Finance coverage. Check Business Breaking News Live on Zee Business Twitter and Facebook. Subscribe on YouTube.

RECOMMENDED STORIES

https://www.zeebiz.com/personal-finance/banking/photo-gallery-fd-rates-of-private-public-banks-sbi-pnb-hdfc-icici-post-office-3-year-fixed-deposit-tenure-326468

Latest FD Interest Rates: What SBI, PNB, HDFC Bank, ICICI Bank and other banks are offering in 3-year fixed deposit schemes

https://www.zeebiz.com/personal-finance/photo-gallery-sbi-fd-state-bank-of-india-latest-senior-citizen-fixed-deposit-interest-rate-maturity-calculator-know-return-on-inr-rs-500000-1000000-1500000-investments-in-amrit-vrishti-1-3-5-year-scheme-326523

SBI Senior Citizen FD Interest Rates: Know how Rs 5 lakh, Rs 10 lakh, and Rs 15 lakh investments will give in maturity in Amrit Vrishti, 1-, 3-, and 5-year fixed deposit schemes

https://www.zeebiz.com/personal-finance/photo-gallery-top-7-etf-that-with-up-to-59-cagr-returns-in-1-year-calculator-mirae-asset-nyse-fang-has-turned-inr-rs-300000-into-464530-bse-nse-cpse-sbi-uti-icici-pru-motilal-326333

Top 7 ETFs That Have Given up to 59% Returns in 1 Year: No. 1 ETF has turned Rs 3 lakh investment into Rs 4.65 lakh; know about others too

https://www.zeebiz.com/india/news-weather-update-heavy-rains-in-tamil-nadu-yellow-alert-for-18-districts-this-weekend-326587

Weather Update: Heavy rains in Tamil Nadu, yellow alert for 18 districts this weekend

https://www.zeebiz.com/market-news/photo-gallery-stocks-to-buy-up-to-71-percent-return-brokerage-antique-recommends-4-stocks-after-q2-results-326562

Stocks to Buy: Up to 71% return in falling market! Brokerage recommends buying these 4 stocks

https://www.zeebiz.com/personal-finance/photo-gallery-power-of-inr-rs-2000-monthly-mutual-fund-sip-compounding-returns-calculator-can-one-achieve-32708677-retirement-corpus-by-investment-in-how-many-years-326086

Power of Rs 2,000 Monthly SIP: Can one achieve Rs 3.18 crore corpus by investing Rs 2,000 monthly? If yes, in how many years

https://www.zeebiz.com/personal-finance/photo-gallery-sip-swp-mutual-fund-retirement-corpus-planning-calculator-inr-rs-12000-monthly-sip-till-50-years-of-age-and-then-135000-monthly-income-pension-till-80-compounding-rupee-cost-averaging-326399

SIP+SWP Calculator: Rs 12,000 monthly SIP for 25 years and then Rs 135,000 monthly income for 30 years; how it can work out

Written By: IANS
Updated: Thu, Aug 04, 2022
11:57 AM IST
IANS
RELATED NEWS
EPFO playing key role in providing social security, financial stability to millions: Union Minister EPFO playing key role in providing social security, financial stability to millions: Union Minister
EPF Calculator: What will be maturity amounts on basic salaries of Rs 20,000, Rs 30,000 and Rs 40,000? EPF Calculator: What will be maturity amounts on basic salaries of Rs 20,000, Rs 30,000 and Rs 40,000?
EPFO Tips: How to withdraw provident fund online | Step by step guide EPFO Tips: How to withdraw provident fund online | Step by step guide
What is EPS? How to file e-nomination for EPF/EPS Scheme | A Step-by-Step Guide What is EPS? How to file e-nomination for EPF/EPS Scheme | A Step-by-Step Guide
EPF transfer: How to transfer provident fund online? Step-by-step guide here EPF transfer: How to transfer provident fund online? Step-by-step guide here

By accepting cookies, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts.

x