JAKARTA Thousands of documents from a number of banks in India were leaked and accessible on the internet. This document is known to contain sensitive data such as account numbers, transaction numbers, customer contacts, and others.

This data leak was discovered late last August by researchers at UpGuard, a cybersecurity firm. The researchers found an Amazon-hosted storage server that can be accessed publicly.

When it opened, it turned out that the server contained 273,000 PDF documents regarding user transfer transactions from a bank. This server was exposed without any passwords or other types of protection.

A number of exposed files contain complete transaction forms that need to be processed by the National Automated Clearing House (NACH). This is a centralized system for banks in India to facilitate high-volume transactions such as payment of salaries, loans, and utilities.

UpGuard researchers say that the data they found relates to 38 different banks and financial institutions in India. Until this news was made, it was still uncertain who caused hundreds of thousands of these documents to be leaked on the internet.

In a sample of 55,000 documents reviewed by UpGuard, more than half of the files name Aye Finance, an Indian loan-giving company. The next name that most often appears is the State Bank of India.

The researchers have notified Aye Finance to NPCI, the agency that manages the NACH system, to address this problem. However, user data is still exposed on the internet until early September.

Not only allowed to circulate freely, this sensitive data continues to increase every day. According to UpGuard’s findings, there are thousands of new files that continue to appear on the server.

After contacting India’s CERT-In computer emergency response team, thousands of exposed data were successfully secured. Although inaccessible, no party has been blamed or asked to take responsibility for the leak of user data.

Until now, the Aye Finance and State Bank of India did not provide any statement. However, NPCI spokesman Ankur Dahiya told TechCrunch that the exposed data did not come from their system.

The English, Chinese, Japanese, Arabic, and French versions are automatically generated by the AI. So there may still be inaccuracies in translating, please always see Indonesian as our main language.
(system supported by DigitalSiber.id)