A data spill from an unsecured cloud server exposed hundreds of thousands of sensitive bank transfer documents in India, revealing account numbers, transaction figures, and individuals’ contact details. Cybersecurity firm UpGuard discovered the publicly accessible Amazon-hosted storage server containing 273,000 PDF documents. The exposed files contained transaction forms intended for processing via the National Automated Clearing House (NACH). The data was linked to at least 38 different banks and financial institutions. NuPay confirmed that it addressed a configuration gap in an Amazon S3 storage bucket that contained the bank transfer forms. UpGuard disputed NuPay’s claims, stating that only a few hundred files appeared to contain test data or had NuPay’s name on the forms.