Data breach exposes 2.73 lakh bank records

Core Insights - A significant data leak involving bank transfer records has been identified, compromising sensitive information such as names, banking details, and contact information [8][9] - The data leak was traced to an unsecured Amazon cloud server containing over 273,000 files, with each file documenting individual bank transactions [8][9] - The National Payments Corporation of India (NPCI) confirmed that the data leak did not originate from its systems, indicating that the exposed data belonged to multiple banks and non-bank lenders [3][9] Data Leak Details - The exposed data was spread across 38 banks and non-bank lenders, with Aye Finance being disproportionately affected, accounting for 59.63% of the records [3][9] - Other affected institutions included State Bank of India (24.22%), Muthoot Capital (13.31%), Bank of Baroda (11.13%), and Punjab National Bank (10.6%) [9] - UpGuard, the cybersecurity firm that discovered the breach, downloaded 55,000 files and monitored the server, noting that approximately 3,000 files were being added daily [4][9] Response and Investigation - UpGuard notified Aye Finance about the data leak on August 27 and escalated the issue to NPCI and CERT-In, the government agency for cyberattacks, securing the exposed bucket by September 4 [4][5][9] - Aye Finance stated that the misconfiguration leading to the leak could have occurred at any point in the NACH environment, which involves multiple parties [6][9] - The vendor managing ACH mandates confirmed that the folder did not contain sensitive identifiers like KYC or Aadhaar numbers, but rather unsigned ACH mandate applications [7][9]