Sensitive data of Indian pension fund holders exposed online – TechCrunch

A huge cache of data containing the full name, bank account number and nominee information of pension fund holders in India has surfaced online.

Security researcher Bob Diachenko found two separate IP addresses storing over 288 million records, with some 280 million records available under one IP address and about 8.4 million on the second IP address. Both IP addresses were publicly exposing the data to the internet but weren’t protected by passwords, the researcher said.

The records were part of cluster indices titled “UAN”, which apparently refers to the Universal Account Number allotted to pension fund holders by the state-owned Employees’ Provident Fund Organisation (EPFO) in the country.

“From what I understood, information from the database may have been used to put together a complete profile of an Indian citizen and make them a target for a phishing or scamming attack,” Diachenko told TechCrunch.

Each record included personal information of individuals, including their marital status, gender and date of birth. There were also details primarily linked to their pension fund accounts, including the UAN, bank account number and employment status.

Apart from leaking the personally identifiable information (PII) of individuals holding pension fund accounts, the records exposed details of their nominees. These include their full name and relationship with the account holders.

Diachenko discovered the IP addresses leaking the sensitive data earlier this week. He tweeted a screenshot showing the data fields exposing personal information on Wednesday, tagging India’s Computer Emergency Response Team (CERT-In). Less than a day after he posted his tweet, both IP addresses in question were no longer accessible.

But Diachenko said it wasn’t clear who should claim responsibility for the exposed data that surfaced online. It is also unclear whether anyone other than Diachenko also found the exposed data.

TechCrunch reached out to India’s EPFO, CERT-In and the country’s IT ministry for comment, but we didn’t hear back.

In 2018, the Central Provident Fund Commissioner reportedly notified the IT ministry that hackers were able to steal data from the Aadhaar seeding portal of the EPFO website. That incident had put the information of about 27 million pension fund members at risk. However, the pension fund body later claimed on the record, but provided no evidence, that there was no data leakage from its side.
