Sachin Bansal’s Navi should get serious on privacy

Why read this story?

Editor's note: On 3 December 2021, the mobile screens of thousands across the country displayed a curious text message on behalf of Navi Finserv, a non-bank lender owned by Flipkart co-founder Sachin Bansal’s Navi Technologies. “Dear xx, Congratulations!! Your PAN [unmasked 10-digit Permanent Account Number] is eligible for a pre-approved personal loan of Rs xx lakh from NAVI. Apply now (through this link),” it read. One 40-year-old resident of Mumbai was one of the recipients of the controversial SMS. He had never applied for a loan with Navi, or with any other lender for that matter. He can’t think of any action online that could have given Navi permission to access his PAN details for a loan offer. “Perhaps, that one time in September when I used HDFC Bank’s website to pull my credit report to apply for a visa. The leak could have happened from the credit bureau’s side?” he wonders. Not only did Navi Finserv access his leaked PAN, it was also somehow used to arrive upon a customized loan offer for him and many others against their PAN. “I …