EPFO data hacked: Cyber ​​security researcher claims information of over 28 crore EPFO ​​pensioners leaked

It has been claimed that 28 crore details of Pension Scheme (EPS) holders of Employees’ Provident Fund Organization (EPFO) have been leaked. This claim has been made by a cyber security researcher and journalist from Ukraine. The leaked information includes personal data including names of pensioners, bank account details, nominee information. The EPFO, the National […]
 


EPFO data hacked: Cyber ​​security researcher claims information of over 28 crore EPFO ​​pensioners leaked

It has been claimed that 28 crore details of Pension Scheme (EPS) holders of Employees’ Provident Fund Organization (EPFO) have been leaked. This claim has been made by a cyber security researcher and journalist from Ukraine. The leaked information includes personal data including names of pensioners, bank account details, nominee information. The EPFO, the National Cyber ​​Agency or the IT Ministry have not yet confirmed the claim. Bab Dyachenko, director of the Department of Threat Intelligence at SecurityDiscovery.com and a cybersecurity researcher from Ukraine, claimed that his system identified two different IP addresses with Universal Account Number (UAN) data. An IP address is an address that identifies a device on the Internet or local network. IP stands for Internet Protocol.

UAN stands for Universal Account Number. UAN is allotted by EPFO. Each record contains personal information including name, date of birth, UAN, bank account number, marital status, gender. While one IP address contained 28 million records, the other IP address contained about 84 million records. “Given the sensitivity of the data, I tweeted without giving any information about the source and any details,” he said. Both IPs were removed within 12 hours of my tweet. Both the IP addresses were from India. As of August 3, no company or agency has claimed responsibility for the data. It is not clear how long the data was leaked.

According to the security researcher, ‘Both the IPs were based in India.’ The security researcher said the reverse DNS analysis also yielded no further information. Shoden and Sensis search engines picked them up on August 1, but it is not known how long the information surfaced before search engines indexed them.