Add The Wire As Your Trusted Source
For the best experience, open
https://m.thewire.in
on your mobile browser.
HomePoliticsEconomyWorldSecurityLawScienceSocietyCultureEnvironmentEditors-PickVideo
AdvertisementAdvertisement
home / Banking

Cybersecurity Researcher Flags Exposure of Personal Data on RBI’s Udgam Platform: Report

The platform, Unclaimed Deposits Gateway to Access Information (Udgam), includes 30 participating banks and allows users to search records of unclaimed deposits.
article_Author
The Wire Staff
  • whatsapp
  • fb
  • twitter
The platform, Unclaimed Deposits Gateway to Access Information (Udgam), includes 30 participating banks and allows users to search records of unclaimed deposits.
cybersecurity researcher flags exposure of personal data on rbi’s udgam platform report
Reserve Bank of India (RBI) headquarters, in New Delhi, February 23, 2026. Photo: Karma Bhutia/PTI.
Advertisement

New Delhi: A platform launched by the Reserve Bank of India (RBI) to help people trace unclaimed bank deposits allegedly exposed personal information linked to dormant accounts, according to an independent cybersecurity researcher, the Mint reported.

The platform, Unclaimed Deposits Gateway to Access Information (Udgam), includes 30 participating banks and allowed users to search records of unclaimed deposits until May 25 using a mobile number and one-time password.

Cybersecurity researcher Avinash Jain said RBI documentation for the Udgam only permits the disclosure of names, places, bank names and UDRNs. However, the searchable records on Udgam included residential addresses as well.

Jain said that residential addresses were not listed among the approved output fields in the user manual or other RBI documents. He informed the Cyber Emergency Response Team (Cert-In) about the issue through email on May 24, the report said.

According to Jain, public access to address details could increase the risk of phishing attempts, impersonation and financial fraud, as the information could be used to gain trust and obtain additional personal data.

Advertisement

The RBI has also not disclosed the total number of dormant account entries available through the platform.

Jain, who has worked in cybersecurity roles at companies including Cred and Microsoft, said the issue may have existed since the platform was launched in August 2023.

Advertisement

According to the report, access to Udgam was disrupted on Tuesday after its login system stopped functioning. It was not immediately known whether the platform had been updated or patched.

A day earlier, Cert-In issued a directive on fixing vulnerabilities in critical internet-facing systems. The advisory said known vulnerabilities in such systems should be addressed within 12 hours where feasible.

Advertisement

Cybersecurity experts cited by Mint said the exposed information could potentially be combined with data from leaked databases to identify details such as PAN and Aadhaar numbers.

Advertisement

This article went live on May twenty-eighth, two thousand twenty six, at forty-eight minutes past one in the afternoon.

The Wire is now on WhatsApp. Follow our channel for sharp analysis and opinions on the latest developments.

Advertisement
Advertisement
tlbr_img1 Series tlbr_img2 Columns tlbr_img3 Multimedia