Provident fund body chief writes to Intelligence Bureau. Says hackers have stolen data from portal made to link Aadhaar numbers. Has asked centre's technical team to plug vulnerabilities

The personal and professional details of about 2.7 crore members registered with the retirement fund body Employees Provident Fund Organisation (EPFO) have been exposed to data theft.

In a letter to the Ministry of Electronics and Information Technology, the Central Provident Fund Commissioner has written that hackers have stolen data from the Aadhaar seeding portal of EPFO. He has also asked the ministry's technical team to plug vulnerabilities on the portal aadhaar.epfoservices.com that has now been temporarily shut. The portal links the Aadhaar number of employees with their provident fund accounts.

In the letter marked "secret", the commissioner wrote that the Intelligence Bureau (IB) had informed them of "hackers exploiting the vulnerabilities prevailing in the website (aadhaar.epfoservices.com) of EPFO."

Details of the scale of the breach are not known but the website contains information like the names and addresses of EPF subscribers besides their employment history.

"Each person contributes 12% of salary as provident fund, so salary details could also have been stolen. Also the bank account numbers as people tend to withdraw their PF," said cybersecurity expert Anand Venkatnarayan.

Hackers exploiting vulnerabilities, EPFO commissioner wrote to the government

A total of 114 government websites were hacked between April 2017 and January 2018, the Ministry of Electronics and IT told Lok Sabha in March.

The head of the Computer Emergency Response team of the Ministry of Electronics and IT, when contacted by NDTV, remained unavailable.

The body that governs Aadhaar, UIDAI, has clarified that it has nothing to do with the alleged data breach from aadhaar.epfoservices.com. "This matter does not pertain at all to any Aadhaar data breach from UIDAI servers. There is absolutely no breach into Aadhaar database of UIDAI. Aadhaar data remains safe and secure," it said.