A major security lapse exposed hundreds of thousands of sensitive Indian bank transfer records on an unsecured Amazon cloud storage server. The leaked documents included bank account numbers, transaction amounts, and personal contact details.
Cybersecurity firm UpGuard discovered the breach in late August, finding around 273,000 PDFs containing completed transaction forms processed through India’s National Automated Clearing House (NACH), a system for high-volume recurring payments like salaries and loan repayments.
Data from at least 38 banks and financial institutions, including private fintech firms and state-owned banks, was exposed. In a sample of 55,000 documents, over half were linked to Aye Finance, which recently filed for a $171 million IPO, with the State Bank of India also frequently appearing.
UpGuard alerted Aye Finance, the National Payments Corporation of India (NPCI), and India’s Computer Emergency Response Team (CERT-In). The data remained publicly accessible until it was secured after these warnings.
While Aye Finance and NPCI denied responsibility, fintech company Nupay admitted the leak was due to a “configuration gap” in its Amazon cloud storage. Nupay’s COO Neeraj Singh claimed the bucket mostly contained test records with no unauthorised access or financial harm. UpGuard disputed this, noting only some files were test data and questioning the completeness of Nupay’s access logs.
The exposed server had also been indexed by third-party databases, increasing the risk of exploitation. This incident shows ongoing challenges with cloud security misconfigurations, a leading cause of breaches worldwide, often due to human error.
As India’s banking sector digitises swiftly, regulators like the Reserve Bank of India have introduced stricter cybersecurity rules. Experts stress the importance of regular cloud audits, strong access controls, and monitoring to prevent similar incidents.
Though the leak is now closed, it raises concerns about data security in India’s expanding digital financial ecosystem amid growing fintech usage.