No data breach in BHIM, says national payments body after web sleuths claim lakhs ‘exposed’

New Delhi: The National Payments Corporation of India (NPCI) has denied any data breach or compromise related to the Bharat Interface for Money (BHIM), the government-backed digital payments app.

The NPCI made the clarification after vpnMentor, a site that reviews virtual private network (VPN) services, said in a report Sunday that data of “millions of users”, including Aadhaar and PAN details, had been left exposed to the public. 

“We have come across some news reports which suggest data breach at BHIM App. We would like to clarify that there has been no data compromise at BHIM App and request everyone to not fall prey to such speculations,” the NPCI said in a statement Monday. 

“The NPCI follows high level of security and an integrated approach to protect its infrastructure and continue to provide a robust payments ecosystem”.

The NPCI was incorporated as a not-for-profit organisation to help create robust payment infrastructure in India. It is an initiative of the Reserve Bank of India (RBI) and Indian Banks’ Association (IBA).

Also Read: Govt ‘thanks’ French ethical hacker who flagged Aarogya Setu, but dismisses security concern

‘Breach fixed’

The vpnMentor report claims the breach appears to be closed now. It states that researchers from vpnMentor had first contacted CERT-In on 28 April, and action on the breach was taken on 22 May.

Developed by the NPCI, the BHIM app was launched in 2016 by PM Modi. The NPCI also manages the UPI, the unified payments interface, or a system that allows instant money transfer between bank accounts through mobile apps.

According to NPCI data, BHIM app had been downloaded an estimated 13.6 crore times as of 8 April 2020. In April alone, the data states, over Rs 4,000 crore worth of transactions were made via BHIM.

Also Read: ‘Pay safe, stay safe’: Modi govt encourages digital payment amid coronavirus scare

This is an updated version of the report