A major cybersecurity incident has exposed more than 273,000 sensitive bank transfer documents in India, raising concerns over the security of financial data across the country’s banking sector.
The breach was discovered in late August by researchers at cybersecurity firm UpGuard, who found a publicly accessible Amazon Web Services (AWS) storage server containing thousands of PDF files. These documents included bank account numbers, transaction amounts, and customer contact details, all linked to transfers processed through India’s National Automated Clearing House (NACH) system.
NACH is widely used by Indian banks to facilitate large-scale recurring transactions, including salary payments, loan repayments, and utility bills. According to UpGuard, the exposed records were connected to at least 38 banks and financial institutions.
Data secured, but responsibility unclear
Despite the sensitive nature of the documents, it remains unclear who caused the server misconfiguration or who is responsible for notifying affected individuals. UpGuard noted that out of a sample of 55,000 records, over half referenced Aye Finance, a lender that filed for a $171 million IPO in 2024. The State Bank of India (SBI) was also frequently mentioned in the leaked files.
After discovering the exposure, UpGuard alerted Aye Finance, the National Payments Corporation of India (NPCI), and later India’s Computer Emergency Response Team (CERT-In). Although the data was eventually secured in early September, the researchers reported that files were still being uploaded to the exposed server as late as September 1.
NPCI has denied any link to the breach. “A detailed verification and review have confirmed that no data related to NACH mandate information/records from NPCI systems have been exposed or compromised,” NPCI spokesperson Ankur Dahiya told TechCrunch.
Neither Aye Finance CEO Sanjay Sharma nor representatives from the State Bank of India responded to requests for comment.
Related: How Cyber Resilience Gives Small Businesses a Competitive Edge in 2025
The incident highlights ongoing risks posed by cloud misconfigurations and underscores the urgent need for stronger cybersecurity practices across India’s financial sector.
