70 lakh users BHIM data exposed!

vpnMentor an Israeli cybersecurity research team discovered a massive amount of incredibly sensitive financial data connected to India’s mobile payment app BHIM that was exposed to the public.

  • Date Company contacted: 5th May 2020
  • Date of Action: approx. 22nd May 2020

Source: vpnMentor

Most of the records were from the period February 2019

Information Included

  • Scans of Ardaar cards – India’s national ID
  • Scans of Caste certificates
  • Photos used as proof of residence
  • Professional certificates, degrees, and diplomas
  • Screenshots taken within financial and banking apps as proof of fund transfers
  • Permanent Account Number (PAN) cards (associated with Indian income tax services)

The private personal user data within these documents gave a complete profile of individuals, their finances, and banking records:

  • Names
  • Dates of birth
  • Age
  • Gender
  • Home address
  • Religion
  • Caste status
  • Biometric details
  • Profile and ID photos, such as fingerprint scans
  • ID numbers for government programs and social security services

Source: vpnmentor