NPCI Stops Onboarding Truecaller Users on UPI After Data Breach

The National Payments Corporation of India (NPCI), in a letter to the Internet Freedom Foundation, stated that it has stopped onboarding new Truecaller users on its UPI platforms.

“We wish to reiterate that no sooner the bug was noticed on 30 July 2019, NPCI has stopped Truecaller new user onboarding services on UPI platform,” wrote Dilip Asbe, NPCI Managing Director and CEO.

IFF had written to NPCI on 1 August, expressing concern about the “non-consensual automated sign-ups for UPI,” and urged it to undertake an investigation into the security breach.

A bug in caller-ID app Truecaller risked its users’ financial data on Tuesday, 30 July. The app, which helps people avoid spam callers, started registering users to the Unified Payment Interface (UPI) account without their permission.