Particle.news
Download on the App Store
3 ARTICLES
·
1h ago

Aye Finance Says Vendor Error Caused NACH Data Leak of 273,000 Files

The bucket was secured after CERT-In was alerted, with ownership still unclaimed.

An employee counts 500 rupee banknotes at a currency exchange in New Delhi, India, on Saturday, Aug. 30, 2025. The Indian rupee slumped to a record low versus the dollar on concern that 50% US tariffs will hurt the country’s economic growth and corporate earnings. Photographer: Prakash Singh/Bloomberg

Overview

  • UpGuard found in late August an Amazon-hosted bucket exposing about 273,000 PDF NACH forms tied to at least 38 banks and financial institutions.
  • The documents revealed sensitive details such as bank account numbers, transaction amounts, and customer contact information, with roughly 3,000 new files being added daily until the leak was closed on September 4.
  • NPCI stated that its systems were not breached and that the exposed records did not originate from its infrastructure.
  • Aye Finance appeared in nearly 60% of sampled files; the company said its own servers were not misconfigured and attributed the exposure to Nupay, an integration partner that it says fixed a misconfigured bucket in early September.
  • Responsibility for the server remains disputed as no owner has been publicly identified, highlighting third-party and cloud-configuration risks that regulators have warned are rising in India’s financial sector.