Data breach exposes bank transfer records of over 2.7 lakh users
A big data breach has put over 2.73 lakh bank transfer records at risk.
On August 26, 2025, cybersecurity firm UpGuard found an unsecured Amazon cloud server holding about 273,000 PDF files with unredacted NACH payment mandates—these included names, phone numbers, account numbers, and transaction amounts.
Leaked info came from 38 banks and finance companies
The leaked info came from 38 banks and finance companies—Aye Finance alone made up nearly 60% of the data. Other affected names include SBI, Bank of Baroda, Punjab National Bank, and Muthoot Capital.
Even after UpGuard alerted Aye Finance and NPCI in late August, new files kept appearing until CERT-In secured the server on September 4.
The good news: Aadhaar and PAN details weren't exposed. Investigations are still ongoing to figure out exactly how this happened—and who's responsible.