There is a huge cache of data that contains the full name, bank account number and nominee information of pension fund holders in India.
There are more than 300 million records stored in two separate addresses, with some of them available under one address. The researcher said that the public exposure of the data to the internet was not protected by passwords.
The Universal Account Number allotted to pension fund holders by the state-owned Employees' Provident Fund Organization is referred to in the records as "UAN".
Information from the database could have been used to create a complete profile of an Indian citizen and make them a target for a scam.
Personal information of individuals were included in the records. Their bank account number and employment status were linked to their pension fund accounts.
The leakedPII of individuals holding pension fund accounts were not the only ones exposed by the records. Their full name and relationship with the account holders are included.
The data was leaked earlier this week. He tagged India's Computer Emergency Response Team (CERT-In) along with a picture of the data fields. The two addresses in question were no longer accessible less than a day after he posted his message.
It was not clear who should be responsible for the data that was exposed. It's not clear if anyone else found the data.
India's CERT-In and the country's IT ministry did not reply after being contacted.
The IT ministry was notified by the Central Provident Fund Commissioner that hackers were able to steal data from the website. About 27 million pension fund members' information was at risk. The pension fund body claimed on the record that there was no data leak.
All Rights Reserved © 2024
