A data that is wasted from a non -calculated cloud server has exhibitions of thousands of sensitive bank transfer documents in India that reveal account numbers, transaction number and individual contact information.
Researchers at CyberSecurity Firm Upguard discovered a publicly available Amazon-hosted stock server containing 2733,000 PDF at the end of August.
The exposed files continued completed transaction forms intended for processing via National Automated Clearing House, or NACH, a centralized system used by banks in India to facilitate recurring transactions with high volume, such as asshaires, repayments of loans and use payments.
The data was linked to at least 38 different banks and financial institutions, the researchers told TechCrunch.
It is not clear why the data was left public exhibition and available to the Internet, although security courses of this kind are not uncommon due to error configurations and human errors.
But it is still unclear who has caused the emissions of data that secured them and who is ultimately responsible for warning those who were personal data were the exhibition.
Data secured but no one accepts the blame
In his blog post, describing his findings, the Upguard researchers said that out of a 55,000 documents test mentioned more than half of the files the name of the Indian lender Aye Finance, which had filed an IPO of $ 171 million last year. The Indian state -owned State Bank of India was the next institution shown after frequency in the test documents, according to the researchers.
After discovering the exposed data, Upguard’s researchers informed Aye financing through its business, customer care and complaint addresses. Researchers also warned the National Payments Corporation of India or NPCI, the government body responsible for managing NACH.
At the beginning of September, the researchers said the data was still exposed to and that thousands of files were added to the exposed server daily.
Upguard said it then warned India’s computer economic reaction team, cert-in. Shortly after, the exhibition data was secured, the researchers told TechCrunch.
But no one seems to want to take responsibility for the security course.
When he reached how, NPCI spokesman Ankur Dahiya Techcrunch told the exhibition data did not come from its system.
“A detailed verification and review has confirmed that no data related to NACH mandate information/items from the NPCI system has been exhibitions/compromised,” the spokesman in an E email sent to TechCrunch said.
Aye Finance co-founder and CEO Sanjay Sharma did not respond to a request for how from TechCrunch. The state bank in India also did not respond to a comment request.