A data breach on the CSC BHIM website has reportedly exposed personal data of more than seven million users.

The website is used to promote mobile payment app BHIM, which was developed by the National Payments Corporation of India (NPCI).

According to Israeli cybersecurity website vpnMentor, 409GB of data were exposed including highly sensitive personal information such as Aadhaar card details, residence proof and bank records.

The leak was first identified in April and remained publicly available until 22 May. It is expected to contain records from February 2019, the Economic Times reported quoting the cybersecurity website.

Cybersecurity researchers Noam Rotem and Ran Locar, who identified the breach, was quoted by the publication as saying: “The sheer volume of sensitive, private data exposed, along with UPI IDs, document scans, and more, makes this breach deeply concerning.

“The exposure of BHIM user data is akin to a hacker gaining access to the entire data infrastructure of a bank, along with millions of its users’ account information.”

However, NPCI issued a statement refuting the claims of the Israeli cybersecurity website on the breach.

The statement said: “We have come across some news reports which suggest data breach at BHIM App. We would like to clarify that there has been no data compromise at BHIM App and request everyone to not fall prey to such speculations.

“NPCI follows high level of security and an integrated approach to protect its infrastructure and continue to provide a robust payments ecosystem.”