MUMBAI: Israeli cybersecurity firm vpnMentor has said it discovered a data breach of personal records of around 7 million individuals, which were used for onboarding them to the BHIM app, lying in an unsecured server. The information includes in some cases images of Aadhaar cards and UPI identifiers onboarded by associates of CSC e-Governance Services India, which maintains the government common service centres (CSCs) across the country.
The unsecured data was detected by Noam Rotem and Ran Locar, who are part of vpnMentors research team. “We detected the breach on April 23 and contacted Indias CERT (central emergency response team) on April 29, and until last week the data continued to be available,” Rotem told TOI.
Responding to the vpnMentors statement, CSC e-Governance Services said, “Data points like merchant virtual payment address (VPA) were kept public for larger transparency of the system. The project portal & data have been hosted on Indian servers located within the country. Static pages of the portal, including e-texRead More – Source