Security Flaws in UMANG Portal Expose User Data
Cybersecurity researchers have reported multiple vulnerabilities in the UMANG portal that allegedly exposed sensitive user information, including EPFO Universal Account Numbers (UANs)
About UMANG
- UMANG (Unified Mobile Application for New-age Governance) is a Digital India initiative that provides citizens with a single platform to access various Central, State and local government services through a mobile app and web portal.
- Its main purpose is to eliminate the need for multiple government applications by offering services such as utility payments, certificates, pensions, provident fund and other public services in one place.
- It has been observed that UMANG has enabled easy and seamless access to citizen centric services through the single mobile platform with multilingual support and extended reach even to remote populations. The evaluation report by IIPA also brings out that UMANG has played a key role in reducing the need for physical interfaces by enabling citizens to access a wide range of government services digitally.
Nature of Vulnerabilities
Researchers claimed that the vulnerabilities originated from flaws in the portal’s architecture and may have existed for several years. Since UMANG acts as a common gateway for numerous services, weaknesses in the platform could affect multiple government databases.
The incident highlights the need for stronger data encryption, API security, regular security audits, access controls and privacy-by-design principles in integrated digital-governance platforms. A vulnerability in a common platform such as UMANG can potentially affect several public services simultaneously.