A major data exposure has revealed hundreds of thousands of sensitive bank transfer documents belonging to Indian customers after an unsecured cloud server was found publicly accessible online.
Cybersecurity firm UpGuard reported that in late August it discovered an Amazon-hosted storage server containing around 273,000 PDF documents linked to bank transfers. The exposed files included account numbers, transaction details and customer contact information.
The documents were related to transactions processed via the National Automated Clearing House (NACH), a centralised payment system used by Indian banks to handle high-volume recurring transactions such as salaries, utility bills and loan repayments. According to researchers, the data appeared on server to be connected to at least 38 banks and financial institutions.
From a sample of 55,000 documents, more than half referenced Aye Finance, an Indian lender that filed for a $171 million IPO last year. The State Bank of India was the second most frequently mentioned institution in the exposed server records, the researchers said.
UpGuard stated it notified Aye Finance through corporate, customer care and grievance redressal contacts, as well as informing the National Payments Corporation of India (NPCI), which oversees NACH. Despite the alerts, the data reportedly remained exposed into early September, with new files being added daily.
The situation was eventually secured after UpGuard escalated the matter to CERT-In, India’s national computer emergency response team. It is still unclear who was directly responsible for the exposure or for notifying affected individuals.
Researchers noted that misconfigured cloud servers are a recurring cause of such leaks, which can expose sensitive financial data to fraud and identity theft.
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: The Mainstream formerly known as CIO News LinkedIn Account | The Mainstream formerly known as CIO News Facebook | The Mainstream formerly known as CIO News Youtube | The Mainstream formerly known as CIO News Twitter |The Mainstream formerly known as CIO News Whatsapp Channel | The Mainstream formerly known as CIO News Instagram
About us:
The Mainstream formerly known as CIO News is a premier platform dedicated to delivering latest news, updates, and insights from the tech industry. With its strong foundation of intellectual property and thought leadership, the platform is well-positioned to stay ahead of the curve and lead conversations about how technology shapes our world. From its early days as CIO News to its rebranding as The Mainstream on November 28, 2024, it has been expanding its global reach, targeting key markets in the Middle East & Africa, ASEAN, the USA, and the UK. The Mainstream is a vision to put technology at the center of every conversation, inspiring professionals and organizations to embrace the future of tech.
