According to Information Security magazine, the data breach occurred after BHIM failed to securely store vast swathes of data collected from users and businesses during a sign-up campaign.
Bharat Interface for Money is a mobile payment App developed by the National Payments Corporation of India (NPCI), based on the Unified Payments Interface (UPI). The e-payments platform has been operating since 2016.
Despite reports about he data breach, the company are stating that the breach did not happen. This is indicated in the form of two statements. The first message from the company states that NPCI’s team has seen news reports of a data breach at the Bharat Interface for Money (BHIM) mobile application. The second issuance says that ‘there has been no data compromise at BHIM App’ and urges people to avoid falling prey to such ‘speculations’ (as reported on Cyclonis).
Looking into the implications, should the data breach have occurred, Cath Goulding, CISO Nominet tells Digital Journal that the impact could be significant, with the potential for personal data being exposed “including names, dates of birth, home addresses, card information and much more cannot simply be replaced or changed.”
These types of data, Goulding says, are of great value to hackers. She notes: “They could use it to impersonate customers of the bank and take fraudulent action, such as opening up false back accounts. The longer this type of information is at the fingertips of malicious actors, the more opportunity they have to use it. Reacting fast to this type of security breach is fundamental.”
Goulding focuses on the appropriate preventative measures: “It is vital that companies that handle such sensitive user data take all the necessary steps possible to ensure it is protected. Having a secure configuration in the cloud is vital and additional security services should also be considered. This incident demonstrates just how important it is to have all elements of your security infrastructure working together, from employees within the business, to resilient processes, through to best of breed technology.”