New Delhi: Millions of users of the government’s digital payment app BHIMmay be vulnerable to cyber-attacks and e-frauds due to an alleged data breach, according to a report by a virtual private network (VPN) review website.
The breach has exposed 7.26 million records such as names, date of birth, age, gender, addresses and Aadhaar card details among others to the public domain, vpnMentor wrote in a blog post.
“The scale of the exposed data is extraordinary, affecting millions of people all over India and exposing them to potentially devastating fraud, theft, and attack from hackers and cyber criminals,” it wrote on Sunday.
The website also claimed that the data was leaked due to a security oversight by the company CSC e-Governance Services Ltd, which provides government’s digital services in rural areas.
According to the research led by vpnMentor’s Noam Rotem and Ran Locar, CSC connected the new website to a misconfigured S3 bucket to promote BHIM usage across India and sign up new merchant businesses. This was not protected with security protocols.
However, the National Payments Corporation of India (NPCI), which manages the app, dismissed the report and claimed that all data is secured.
“We have come across some news reports which suggest data breach at BHIM App. We would like to clarify that there has been no data compromise at BHIM App and request everyone to not fall prey to such speculations. NPCI follows high level of security and an integrated approach to protect its infrastructure and continue to provide a robust payments ecosystem,” NPCI said in its statement.