70 lakh users BHIM data exposed!
vpnMentor an Israeli cybersecurity research team discovered a massive amount of incredibly sensitive financial data connected to India’s mobile payment app BHIM that was exposed to the public.
- Date Company contacted: 5th May 2020
- Date of Action: approx. 22nd May 2020
Source: vpnMentor
Most of the records were from the period February 2019
Information Included
- Scans of Ardaar cards – India’s national ID
- Scans of Caste certificates
- Photos used as proof of residence
- Professional certificates, degrees, and diplomas
- Screenshots taken within financial and banking apps as proof of fund transfers
- Permanent Account Number (PAN) cards (associated with Indian income tax services)
The private personal user data within these documents gave a complete profile of individuals, their finances, and banking records:
- Names
- Dates of birth
- Age
- Gender
- Home address
- Religion
- Caste status
- Biometric details
- Profile and ID photos, such as fingerprint scans
- ID numbers for government programs and social security services
Source: vpnmentor