Monday, September 26, 2022

Sensitive data of Indian pension fund holders made public online – londonbusinessblog.com

Shreya Christina

A huge amount of data containing the full names, bank account numbers and nominee information of pension fund holders in India has surfaced online.

Security researcher Bob Diachenko found two separate IP addresses hosting more than 288 million records, with about 280 million records available under one IP address and about 8.4 million under the second. Both IP addresses exposed the data publicly on the internet and were not protected by passwords, the researcher said.

The records were part of cluster indices titled “UAN,” which apparently refers to the universal account number assigned to pension fund holders by the state-owned Employees’ Provident Fund Organization (EPFO) in the country.

“From what I understood, information from the database could have been used to compile a complete profile of an Indian citizen and make them a target for a phishing or scam attack,” Diachenko told londonbusinessblog.com.

Each record contained individuals’ personal information, including their marital status, gender, and date of birth. There was also data mainly related to their pension fund accounts, including the UAN, bank account number and employment status.

Aside from leaking the personally identifiable information (PII) of individuals with retirement fund accounts, the records revealed details of their nominees. These include their full name and relationship with the account holders.

Diachenko discovered earlier this week that the IP addresses were leaking the sensitive data. He tweeted a screenshot on Wednesday showing the data fields revealing personal information, in addition to tagging the Indian Computer Emergency Response Team (CERT-In). Less than a day after posting his tweet, both IP addresses in question were no longer accessible.

But Diachenko said it was not clear who should claim responsibility for the exposed data that surfaced online. It is also unclear whether anyone other than Diachenko found the exposed data.

londonbusinessblog.com contacted India’s EPFO, CERT-In and the country’s IT ministry for comment, but we haven’t heard anything back.

In 2018, the Central Provident Fund Commissioner reportedly made the IT ministry aware that hackers could steal data from the Aadhaar seeding portal of the EPFO website. That incident had jeopardized the information of some 27 million pension fund participants. However, the pension fund body later claimed on the record, but provided no evidence, that there was no data leak from its side.

