Posted inEconomy

EPFO Data Breach: Chinese Cyber Agency Suspected Involvement Resurfaces

February 22, 2024
EPFO Data Breach: Chinese Cyber Agency Suspected Involvement Resurfaces

This article discusses a data breach incident involving the Employees’ Provident Fund Organisation (EPFO) in 2018, which has resurfaced due to a preliminary probe indicating Chinese cyber agency involvement. The breach raises concerns about data security and highlights the need for robust cybersecurity measures, particularly in critical sectors.

Background

In 2018, a data breach affecting EPFO’s systems occurred, initially attributed to vulnerabilities in Common Service Centres (CSCs). However, recent findings suggest the breach was more extensive and may involve Chinese cyber agencies.

Investigative Findings

  • A significant data leak on Github included documents related to Chinese cyber agencies, potentially linked to the EPFO breach.
  • The leaked data purportedly includes information from various Indian institutions, including EPFO, BSNL, Air India, and Reliance.
  • The Indian Computer Emergency Response Team (Cert-In) initiated an investigation to determine the authenticity and extent of the leaked data.

EPFO Response

  • EPFO denied its systems’ compromise in 2018, attributing the vulnerability to CSCs.
  • However, Cert-In’s preliminary findings indicate EPFO’s system compromise during the 2018 breach.

Cybersecurity Landscape in India

  • India faces numerous cybersecurity challenges, with a recent high-profile attack on AIIMS Delhi.
  • The country ranks as the most targeted globally, emphasizing the urgency to bolster cybersecurity measures.
  • The National Cybersecurity Reference Framework (NCRF) aims to enhance cybersecurity across critical sectors by mandating the use of domestically developed security products and services.

Multiple Choice Questions (MCQs):

  1. What was the initial attribution of the 2018 EPFO data breach?
    • a) Chinese cyber agencies
    • b) Vulnerabilities in EPFO’s systems
    • c) Common Service Centres (CSCs)
    • d) Indian cybersecurity agencies
    • Answer: c) Common Service Centres (CSCs)
  2. What recent development reignited concerns about the EPFO data breach?
    • a) A leaked trove of information related to Chinese cyber agencies
    • b) EPFO’s acknowledgment of the breach
    • c) Certification from Cert-In regarding the breach
    • d) EPFO’s successful containment of the breach
    • Answer: a) A leaked trove of information related to Chinese cyber agencies
  3. Which organization initiated an investigation into the leaked data?
    • a) EPFO
    • b) Indian Express
    • c) Cert-In (Indian Computer Emergency Response Team)
    • d) Chinese cyber agencies
    • Answer: c) Cert-In (Indian Computer Emergency Response Team)
  4. What does the National Cybersecurity Reference Framework (NCRF) aim to achieve?
    • a) Promote international collaboration in cybersecurity
    • b) Create guidelines for data breach response
    • c) Develop cybersecurity legislation
    • d) Enhance cybersecurity in critical sectors using domestically developed products and services
    • Answer: d) Enhance cybersecurity in critical sectors using domestically developed products and services