In a letter to IT Minister Ashwini Vaishnaw, Lok Sabha MP Karti P Chidambaram sought immediate intervention into the alleged leak of data from the Employees’ Provident Fund Organisation (EPFO), which might have exposed the data of over 28 crore Indians.
Chidambaram urged the minister to ensure:
- A thorough investigation is launched into the alleged data leak and the report is released publicly.
- Data fiduciaries are mandated to notify users in the case of a data breach.
- A tiered system of security compliance is introduced based on the scale and sensitivity of data to ensure the security of Indian networks and databases.
What is the EPFO data breach: Earlier in August, Bob Diachenko, a cybersecurity researcher at SecurityDiscovery.com, reported that sensitive data of over 280 million Indian citizens was allegedly left exposed for an unknown period of time. According to Diachenko, the data appeared to be part of the Universal Account Number database. UAN is allotted by the EPFO, which is one of the two government bodies responsible for the regulation and management of provident funds in India. The exposed database was taken down within 12 hours of Diachenko tweeting about it, but it’s not known for how long this information was exposed before search engines indexed it, the researcher said.
MediaNama has filed an RTI with EPFO seeking more details on the alleged incident.
Why does this matter? If the allegations are true, this could be one of the largest data breaches given that over 280 million records were exposed. These records contained sensitive details like address, bank account number, income levels, Aadhaar details, etc. Even though the records are no longer exposed, it is not known if someone had accessed and downloaded them during the period that they were exposed. Given the gravity of the situation, it is concerning that there has not been any official confirmation or denial of the allegations.
A clear violation of the right to privacy: “A data breach exposes confidential, sensitive and protected information to unauthorised persons. This data breach is in clear violation of the fundamental right to privacy, upheld by the Hon’ble Supreme Court in Justice K.S Puttaswamy vs Union of India (2017),” Chidambaram wrote.
Urgent need to address vulnerabilities in Indian cyberspace: “The economic impact of data breaches is enormous. Data breaches in India cost an average of Rs 17.6 crore, according to IBM Cost of a Data Breach Report 2022. There has been a 6.6% increase in cost from 2021 when the average cost of a breach was Rs 16.5 crore, and it is up 25% from Rs 14 crore in 2020,” Chidambaram stated. “Between January to June 2022, India stood second in the world in terms of data breaches. In the absence of a data protection law, these data breaches put the privacy of Indian citizens at risk. There is an urgent need to address vulnerabilities in India’s cyberspace ecosystem,” Chidambaram added.
This post is released under a CC-BY-SA 4.0 license. Please feel free to republish on your site, with attribution and a link. Adaptation and rewriting, though allowed, should be true to the original.