Hajra Naz
A recent cloud data breach in India has exposed hundreds of thousands of sensitive banking documents, including account numbers, transaction details, and personal contact information. The incident has raised serious concerns about cybersecurity and data protection in the country’s financial sector.
How the Data Leak Happened
Cybersecurity researchers at UpGuard discovered a publicly accessible Amazon-hosted cloud storage server in late August. The server contained 273,000 PDF documents detailing bank transfers of Indian customers.
These files included completed transaction forms intended for processing via the National Automated Clearing House (NACH), a centralized system used by banks in India to facilitate high-volume recurring payments such as salaries, loan repayments, and utility bills.
The exposed data spanned at least 38 different banks and financial institutions, highlighting a potentially widespread lapse in cloud security and data management practices.
Read More: Over 250 Million Personal Records Exposed in Massive Global Data Breach
Security Lapses and Unanswered Questions
It’s still unclear why the data was left publicly accessible. Experts say these breaches often happen due to human error, misconfigurations, or weak cloud security protocols.
Even after the discovery, it remained uncertain who was responsible for securing the data or alerting the affected individuals.
Key Findings from UpGuard
Out of a sample of 55,000 documents, over half contained information related to Aye Finance, an Indian lender that filed for a $171 million IPO last year. The State Bank of India, a government-owned institution, was the next most frequently mentioned bank in the sample.
After identifying the exposed files, UpGuard contacted Aye Finance through multiple channels — including corporate and customer care emails — and also alerted the National Payments Corporation of India (NPCI), which oversees the NACH system.
Response and Data Securing
By early September, the server was still receiving thousands of new files daily. UpGuard subsequently reported the breach to CERT-In, India’s computer emergency response team. Shortly after, the exposed data was secured.
However, responsibility for the lapse remains unclear:
-
NPCI confirmed that the exposed data did not originate from its systems.
-
Aye Finance and State Bank of India did not respond to requests for comment regarding the breach.
The incident highlights a pressing issue: even as India’s financial sector digitizes rapidly, cloud security and data privacy practices lag, leaving sensitive customer information vulnerable.
The Bigger Picture
This financial data leak underscores the urgent need for banks and fintech companies in India to implement robust cybersecurity measures, including:
-
Regular cloud security audits
-
Strong encryption protocols for sensitive data
-
Continuous employee training on data handling
-
Multi-layered access controls for financial systems
Experts warn that such breaches not only compromise customer trust but could also have serious regulatory and financial implications.
Read More: US Government Faces Historic Data Breach: Millions at Risk
FAQs
1. How many documents were exposed in the breach?
Researchers found 273,000 PDF files containing sensitive banking information on an unsecured cloud server.
2. Which banks were affected?
The exposed data involved at least 38 banks and financial institutions, including Aye Finance and the State Bank of India.
3. Was the National Payments Corporation of India (NPCI) responsible?
No. NPCI confirmed that the exposed files did not originate from their systems.
4. How was the data breach discovered?
The cybersecurity firm UpGuard discovered the publicly accessible Amazon cloud server in late August 2025.
5. Has the data been secured?
Yes. After notifying CERT-In, the exposed data was secured, but no organization has taken full responsibility for the initial lapse.
