Sensitive data of Indian pension fund holders exposed online

A huge cache of data containing the full name, bank account number and nominee information of pension fund holders in India has surfaced online.

Security researcher Bob Diachenko found two separate IP addresses storing more than 288 million records, with some 280 million records available under one IP address and about 8.4 million under the second. Both IP addresses were exposing the data publicly to the internet and were not protected by passwords, the researcher said.

The records were a part of cluster indices titled “UAN”, which apparently refers to the Universal Account Number allotted to pension fund holders by the state-owned Employees’ Provident Fund Organization (EPFO) in the country.

“From what I understood, information from the database could have been used to put together a complete profile of an Indian citizen and make them a target for a phishing or scamming attack,” Diachenko told TechCrunch.

Each record contained personal information about an individual, such as marital status, gender and date of birth. There were also details mainly linked to their pension fund accounts, including the UAN, bank account number and employment status.

Read more at TechCrunch
