wordpress blog stats
Connect with us

Hi, what are you looking for?

MP Karti Chidambaram seeks urgent probe into alleged EPFO data leak of 28 crore pensioners

The MP wrote to seek urgent intervention from the MeitY minister. This alleged data breach could potentially be one of India’s largest

In a letter to IT Minister Ashwini Vaishnaw, Lok Sabha MP Karti P Chidambaram sought immediate intervention into the alleged leak of data from the Employees’ Provident Fund Organisation (EPFO), which might have exposed the data of over 28 crore Indians.

Chidambaram urged the minister to ensure:

  1. A thorough investigation is launched into the alleged data leak and the report is released publicly
  2. Data fiduciaries are mandated to notify users in the case of a data breach.
  3. A tiered system of security compliance is introduced based on the scale and sensitivity of data to ensure the security of Indian networks and databases.

FREE READ of the day by MediaNama: Click here to sign-up for our free-read of the day newsletter delivered daily before 9 AM in your inbox.

What is the EPFO data breach: Earlier in August, Bob Diachenko, a cybersecurity researcher at SecurityDiscovery.com, reported that sensitive data of over 280 million Indian citizens was allegedly left exposed for an unknown period of time, According to Diachenko, the data appeared to be part of the Universal Account Number database. UAN is allotted by the EPFO, which is one of the two government bodies responsible for the regulation and management of provident funds in India. The exposed database was taken down within 12 hours of Diachenko tweeting about it, but it’s not known for how long this information was exposed before search engines indexed them, the researcher said.

MediaNama has filed an RTI with EPFO seeking more details on the alleged incident.

Why does this matter? If the allegations are true, this could be one of the largest data breaches given that over 280 million records were exposed. These records contained sensitive details like address, bank account number, income levels, Aadhaar details, etc. Even though the records are no longer exposed, it is not known if someone had accessed and downloaded them during the period that it was. Given the gravity of the situation, it is concerning that there has not been any official confirmation or denial of the allegations.

Advertisement. Scroll to continue reading.

A clear violation of the right to privacy: “A data breach exposes confidential, sensitive and protected information to unauthorised persons. This data breach is in clear violation of the fundamental right to privacy, upheld by the Hon’ble Supreme Court in Justice K.S Puttaswamy vs Union of India (2017),” Chidambaram wrote.

Urgent need to address vulnerabilities in Indian cyberspace: “The economic impact of data breaches is enormous. Data breaches in India cost an average of Rs 17.6 crore, according to IBM Cost of a Data Breach Report 2022. There has been a 6.6% increase in cost from 2021 when the average cost of a breach was Rs 16.5 crore, and it is up 25% from Rs 14 crore in 2020,” Chidambaram stated. “Between January to June 2022, India stood second in the world in terms of data breaches. In the absence of a data protection law, these data breaches put the privacy of Indian citizens at risk. There is an urgent need to address vulnerabilities in India’s cyberspace ecosystem,” Chidambaram added.

This post is released under a CC-BY-SA 4.0 license. Please feel free to republish on your site, with attribution and a link. Adaptation and rewriting, though allowed, should be true to the original.

Also Read

Written By

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



India's smartphone operating system BharOS has received much buzz in the media lately, but does it really merit this attention?


After using the Mapples app as his default navigation app for a week, Sarvesh draws a comparison between Google Maps and Mapples


In the case of the ‘deemed consent' provision in the draft data protection law, brevity comes at the cost of clarity and user protection


The regulatory ambivalence around an instrument so essential to facilitate data exchange – the CM framework – is disconcerting for several reasons.


The provisions around grievance redressal in the Data Protection Bill "stands to be dangerously sparse and nugatory on various counts."

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ