BHIM (Bharat Interface for Money) is an Indian mobile payment app developed by the National Payments Corporation of India (NPCI), a government body. The service is popular, especially with younger and more affluent members of the Indian community. The app links an individual’s mobile number with their bank account details. It is the type of app that some analysts hope will help boost the digital economy within India.
It was reported earlier that the payment application had suffered from a data breach. It is now emerging that the full extent of the data breach led to the personal details of thousands of users being exposed. The type of data exposed would enable a hacker to link together details of the user, through combining different elements of the released personal identifying information.
According to Ed Macnair, CEO of Censornet: “Once again, a large organisation has failed to take responsibility for the data of its customers. It is simply unacceptable that more than seven million users have been exposed as a result of another misconfigured cloud server and it is even more worrying that some of that data belonged to children.”
Commenting for Digital Journal, Macnair, explains that with this particular breach the stakes are high: “Cyber criminals have all they need and more to launch sophisticated and targeted attacks with potentially devastating financial consequences.”
Macnair then turns his attention to the root of this, and similar, problem – poorly maintained cloud services. Here the analyst notes: “As more organisations move their data to the cloud, it is imperative that they understand that this comes with greater responsibilities and different security challenges. No matter their size, companies need to be cautious and implement technology that offers them visibility and control over how their data is being handled.”
There are, nonetheless, measures that can be adopted, Macnair advises: “When it comes to cloud infrastructure configuration, one instance of human error can put large amounts of sensitive data in the hands of hackers. In order to prevent leaks such as these, it is crucial that a multi-layered security posture is combined with best practice policies, employee awareness and the right technology.”