Researchers at cybersecurity firm UpGuard said in late August they discovered a publicly available Amazon server containing 273,000 PDF files related to Indian customers’ banking transactions, including account numbers, transaction values, and personal contact information.
State Bank of India (SBI) is the second most frequently mentioned name in the leaked documents. (Photo: Reuters)
These files include completed transaction forms processed through the National Automated Clearing House (NACH) – a centralized platform used by Indian banks to process large volumes of recurring transactions such as salary payments, loan payments or utility bills.
According to UpGuard, the leaked data involved at least 38 different banks and financial institutions. It is unclear why the data was left publicly available on the internet, but incidents like this are not uncommon, often due to configuration errors or human error.
The bigger problem is that it is still unclear who caused the leak, who is responsible for fixing it, and who is obligated to notify those whose personal data was affected.
In a report announcing the findings, UpGuard said that of the 55,000 documents it examined, more than half contained the name Aye Finance, a financial firm that filed for a $171 million IPO last year. State Bank of India (SBI) was the second most frequently cited name in the leaked documents.
Upon discovery, UpGuard sent an alert to Aye Finance via various email addresses and also notified the National Payments Corporation of India (NPCI) – the regulator of the NACH system.
However, by early September, the data was still exposed, with thousands of new files being uploaded to the server every day. UpGuard then contacted India’s Computer Emergency Response Team (CERT-In). The data was secured shortly thereafter, according to TechCrunch, citing researchers.
However, the issue of responsibility remains open.
NPCI spokesperson Ankur Dahiya told TechCrunch via email that the leaked data did not originate from NPCI's system: “ A detailed verification and review process has confirmed that no data related to NACH information/records in NPCI's system has been leaked or compromised ,” he said.
Meanwhile, Aye Finance co-founder and CEO Sanjay Sharma did not respond to a request for comment. The State Bank of India also remained silent when asked by TechCrunch for a response.
Source: https://vtcnews.vn/an-do-hon-270-nghin-giao-dich-ngan-hang-bi-ro-ri-tren-nen-tang-amazon-ar967586.html
![[Photo] Soldiers guard the fire and protect the forest](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2025/9/27/7cab6a2afcf543558a98f4d87e9aaf95)
![[Photo] Prime Minister Pham Minh Chinh attends the 1st Hai Phong City Party Congress](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2025/9/27/676f179ddf8c4b4c84b4cfc8f28a9550)
Comment (0)