The Employees Provident Fund Organisation (EPFO) has predictably denied any data theft, following reports of leak of sensitive citizen data from its servers. The leak appears to be linked to the compromise of the trusted interconnection channel which connects the EPFO server with UIDAI system, used for seeding and authentication of Aadhaar for its users. Understandably, citizens are jittery about yet another case of data leak, linked to Aadhaar system. About 2.75 crore people are said to have linked their Aadhaar with EPFO. And the leak is not just related to demographic data of users, but also their application data such as salary.Multiple actors seem to be involved in the EPFO episode, without a single agency and a designated person in full command; besides EPFO and its internal IT team, who are the owners of the application and hence accountable. Others such as Common Service Centre of the ministry (read MeitY) are also involved, though their precise remit is unclear. It is not clear who were the outsourced agencies involved in design, IT infrastructure operation, software development, application code development and maintenance, system upkeep, interconnection with Aadhaar and customer service handling. Apart from EPFO announcing that ‘it has taken advanced action by closing the server and host service’, it is not owning up responsibility for a compromise in the system leading to data leak or clarifying specifics of what had gone wrong and how and why.Merely issuing a denial as the EPFO has done is no way to handle IT systems involving public, Aadhaar or no Aadhaar. Could this be a case of too many cooks spoil the broth or poor project management in handling an e-governance project. Or is there a more fundamental problem in the design or operation of the channel that interconnects the IT systems of departments providing citizen services using Aadhaar with UIDAI system.One cannot know for sure, at least immediately, the full facts of the case until the EPFO issues a detailed clarification to raise public confidence, after taking corrective action.Given frequent leaks of sensitive citizen data in the recent times, much of it involving Aadhaar, it is incumbent on the part of government to clarify to public. Otherwise trying to link every service to Aadhaar will only see further erosion of credibility and that too when the Supreme Court is examining its Constitutional validity.