Airpay

Cybercriminals have compromised Airpay, exposing sensitive financial data of thousands of users and businesses. Threat actors claim to have accessed KYC records, bank details, PAN numbers, business data, and contact information. This breach highlights critical vulnerabilities in payment gateway security, emphasizing the need for enhanced security measures.

Source: https://cybersecuritynews.com/airpay-payment-gateway-breach/

TPRM report: https://scoringcyber.rankiteo.com/company/airpay-india

"id": "air753072825",
"linkid": "airpay-india",
"type": "Breach",
"date": "7/2025",
"severity": "100",
"impact": "",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'customers_affected': 'Thousands',
                        'industry': 'Fintech',
                        'location': 'India',
                        'name': 'Airpay',
                        'type': 'Payment Gateway Provider'}],
 'attack_vector': 'Credential Injection Attack',
 'data_breach': {'data_exfiltration': 'Extensive',
                 'personally_identifiable_information': ['Full legal names',
                                                         'Dates of birth',
                                                         'PAN',
                                                         'Residential '
                                                         'addresses',
                                                         'Mobile numbers',
                                                         'Email addresses'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['KYC records',
                                              'Bank details',
                                              'PAN numbers',
                                              'Business data',
                                              'Contact information']},
 'description': 'Cybercriminals have allegedly compromised Airpay, one of '
                'India’s prominent digital payment gateway providers, exposing '
                'sensitive financial data of thousands of users and '
                'businesses.',
 'impact': {'brand_reputation_impact': 'Significant',
            'data_compromised': ['KYC records',
                                 'Bank details',
                                 'PAN numbers',
                                 'Business data',
                                 'Contact information'],
            'identity_theft_risk': 'High',
            'payment_information_risk': 'High',
            'systems_affected': 'Payment Infrastructure'},
 'initial_access_broker': {'backdoors_established': 'Persistent Backdoors',
                           'data_sold_on_dark_web': 'Complete Database',
                           'entry_point': 'Credential Injection Attack',
                           'high_value_targets': ['KYC records',
                                                  'Bank details',
                                                  'Business data']},
 'lessons_learned': 'Enhanced multi-factor authentication, API security '
                    'protocols, and continuous security monitoring systems are '
                    'needed in India’s digital payments infrastructure.',
 'motivation': ['Financial Gain', 'Data Exfiltration'],
 'post_incident_analysis': {'root_causes': 'Credential Injection Attack'},
 'references': [{'source': 'Daily Dark Web reports'}],
 'title': 'Airpay Data Breach',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Authentication Mechanisms'}