No data breach of customers' financial details with BHIM app, says NPCI

Reacting to the allegations of security chinks at a partner's end, the NPCI said an independent verification of the news was undertaken and no data breach was found

The National Payments Corporation of India (NPCI), which runs the BHIM App, on Tuesday asserted that there has been no data compromise pertaining to the popular small payments application.

Reacting to the allegations of security chinks at a partner's end, the NPCI said an independent verification of the news was undertaken and no data breach compromising financial details of customers was found. The BHIM App has so far had 136 million downloads. 

Vpnmentor, an Israeli ethical hacking and research firm, had on Monday claimed that data of over 7 million BHIM users was alleged to have been potentially exposed due to the suspected chink in the architecture of CSC e-governance Services, one of the partner entities which helped popularise the app.

The research firm had also said that a host of personal details like the PAN cards, screenshots of financial transaction histories etc were exposed.

The NPCI explained that CSC in 2018 was working on a project to educate and activate village level entrepreneurs on digital payments and also educating them to create Merchant Virtual Payment Address (VPA) and added that most of these VPAs were not valid UPI IDs.

After the allegations surfaced, NPCI engaged a digital risk monitoring firm, it said, adding that there is no data leak with respect to the BHIM app.