- Security researchers have claimed that flaws in the UMANG portal could expose UAN, Aadhaar numbers and other sensitive information.
- The Ministry of Electronics and Information Technology has acknowledged some of the security flaws and said that measures are in progress.
- According to experts, if these flaws are misused, cyber criminals can change the bank account information and try to siphon off the PF amount.
This is very worrying news for lakhs of employed workers in the country. The Umang portal, which brings together hundreds of central and state government services, has found serious security flaws, putting employees’ hard-earned money and personal data at risk. The Employees Provident Fund Organization (EPFO) has shut down some services on its online portal citing migration after two security researchers disclosed this.
Smartphone Tips: Looking at the phone screen hurts your eyes? Change these settings immediately; Eyes will get relief
The EPFO module on the Umang app is the most used service, with more than 40 crore transactions recorded on it in the last 3 months. Due to this technical error, the security and privacy of common employees who have opted for fully digital option for their pension and PF has been seriously questioned. (Photo Courtesy: Pinterest)
Researcher Akshay C.S. And Viral Vaghela explained that these flaws have probably existed for years and affect many of the services checked on the Umang portal, which currently offers more than 2,400 services. He said the root of the problem lies in the infrastructure of the portal. According to Vaghela, its design itself is fundamentally flawed. The exposed data included EPFO’s Universal Account Number (UNA), details of LPG cylinder bookings from at least one major oil marketing company and Aadhaar numbers stored on several services that store users’ identity information. Aadhaar numbers are found on many services without any security coding (plaintext), which prohibits such data storage under the Aadhaar Act, 2016.
Errors admitted by the Ministry
The Ministry of Electronics and Information Technology has acknowledged these security flaws. According to the ministry, the API transaction logs for the last three months have been reviewed. The report claims that these loopholes still exist despite government measures. While they could still be penetrated using a simple alternative route, Akshay and Vaghela reported both the flaws to the Ministry of Information Technology and the Computer Emergency Response Team, India, which issues alerts and remedial measures to organizations across the country regarding such security flaws.
High risk of money theft
According to reports, if a cyber fraudster already has your UNA number, he can exploit this loophole. He can hack the portal, change your bank account number, transfer (payout) your PF amount to his own account.
BSNL Broadband Plan: Increased tension of Jio-Airtel! Govt Telecom Company Launches Cheap Broadband Plans, Powerful Benefits at Low Price
Yet the information continues to be withheld
The initial security measures taken by the government after the flaw was discovered failed to secure the system, instead of fixing the problem, they only tried to cover it up, creating a new technical flaw instead of strengthening security.
(Disclaimer: This is an automated news feed of Navarashtra newspaper. It is not edited by navarashtra.com staff.)
-
FCI rejected the claim of rice embezzlement of Rs 1160 crore, called it misleading, investigation continues

-
Diabetes Prevention Tips: Have you stopped eating fruits due to fear of sweets? New research reveals shocking facts about type 2 diabetes

-
A five-year-old prediction is suddenly the talk of football Twitter

-
5 Zodiac Signs Have Great Horoscopes On Thursday, July 16, 2026

-
Seeing bargain offers on Facebook? One mistake can make your bank account empty, big alert from police
