Lok Mandate

UMANG Portal Flaws Allegedly Exposed Sensitive User Data, Researchers Report

Independent researchers have reported significant vulnerabilities in the UMANG portal, potentially exposing sensitive data like UAN, LPG booking details, and Aadhaar numbers.

Lok Mandate DeskJuly 14, 20262 min read
UMANG Portal Flaws Allegedly Exposed Sensitive User Data, Researchers Report

A recent report by independent security researchers has highlighted significant vulnerabilities within the UMANG (Unified Mobile Application for New-age Governance) portal, potentially exposing sensitive personal data of millions of Indian citizens. The flaws, reportedly present across hundreds of government services integrated into the app, raise serious concerns about digital privacy and the security of online public utilities.

Among the critical information allegedly compromised were users' Universal Account Numbers (UAN) linked to the Employees' Provident Fund Organisation (EPFO). Additionally, details pertaining to LPG cylinder bookings with at least one major oil marketing company were exposed. Crucially, the researchers also found instances where Aadhaar numbers were accessible across several services that store user identification details.

The UMANG app, developed by the Ministry of Electronics and Information Technology (MeitY), serves as a crucial single-point platform for accessing a wide array of central and state government services, from tax payments to passport applications. The reported data exposure underscores the immense challenge of maintaining robust cybersecurity infrastructure as India increasingly moves towards digital governance and service delivery.

While specific details about the nature of the vulnerabilities or the exact number of affected users were not immediately disclosed, the findings emphasise the imperative for continuous audits and stringent security protocols for platforms handling sensitive citizen data. Ensuring the integrity and confidentiality of personal information remains paramount for fostering public trust in India's digital initiatives.