Taking action against Truecaller data breach, in which thousands of users were registered to the Unified Payment Interface (UPI) account without their consent, the National Payments Corporation Of India (NPCI) has barred the platform from adding new users on the UPI platform.
Dilip Asbe, in response, to Internet Freedom Foundation (IFF) said that as soon as the bug was noticed on July 31, NPCI stopped Truecaller from onboarding user addition services on UPI platform.
The matter is still being investigated, the response added.
Earlier on August 1, the IFF had written back to the NPCI apprising about the data breach seeking immediate action on the matter.
Later, Truecaller acknowledging the presence of UPI bug had apologized.
After facing flak from the users on Twitter, Truecaller fixed the bug in the new version. The company, however, said that only 0.12% of its total monthly users in India were affected by the bug.
Truecaller’s CEO Alan Mamedi clarified that the registration process was not finished for any of the affected users, as they were not asked to create a UPI Pin code. Mamedi also assured that bank accounts or financial details of users were not compromised and they promptly removed the bug from its app.
This is not a first such incident involving Truecaller. In May, the app was allegedly selling users data on the dark web at Rs 1.5 lakh.
Taking note of the incident, NPCI had also said to take action against the app if it found non-compliant with users consent.
Meanwhile, the IFF also emphasised on users data privacy, safety and security and urged the NPCI to keep a close eye on the industry and curb breach incidents.