Bharat Sanchar Nigam Limited (BSNL), India's state-owned telecom company, suffered a catastrophic data breach that exposed 278 GB of sensitive user information.
According to research, the disclosed data included important information such as International Mobile Subscriber Identity (IMSI) numbers, SIM card specifics, and even home location register data.
This concerning event occurred only six months after a previous data leak in December 2023, raising severe worries about BSNL's cybersecurity procedures.
According to Kanishk Gaur, CEO of Athenian Technology:
“The data breach was caused by a malicious actor 'kiber phant0m', who comprised approximately 278 GB of data from BSNL's telecom operations. This includes server snapshots, which might be used for SIM cloning and other major illegal acts like extortion.”
Gaur further added:
“The state-owned telecom operator experienced a similar data leak in December of last year.
The threat actor behind the most recent hack has openly said that the compromised data is worth $5,000. The compromised data is defined as 'complicated and important', going beyond ordinary user information to target the key operational systems of BSNL.”
#PBNBHARAT : BSNL data breach exposes 278 GB of sensitive telecom info, the second incident in six months#PBNBHARAT #BSNL #BSNLIndia #bsnldatabreach #Goa #goabusiness #business #entrepreneur #motivation #marketing #success #smallbusiness #businesschannel #entrepreneurship pic.twitter.com/CT7mZaCNQD
— PBN BHARAT (@PBNBHARAT) June 26, 2024
This is the second time in six months that the state-owned telecom operator has had a data leak.
In December of last year, a threat actor using the identity "Perell" posted a "sample dataset" on a dark web forum, which included sensitive information about BSNL fiber and landline users.
The dataset includes around 32,000 lines of data, with the threat actor claiming that the overall number of lines across all databases exceeds 2.9 million.
Due to these hacking attempts, BSNL will likely strengthen its cybersecurity defenses. Immediate steps may include:
Last month, the Ministry of Home Affairs' cybercrime unit launched the 'Pratibimb' app, which helps law enforcement hunt down cyber criminals in real-time.
The Department of Telecommunications also launched the Digital Intelligence Platform, which allows stakeholders to share real-time information, and the Chakshu portal, which allows users to report fraudulent messages.
The BSNL data leaks expose telecom vulnerabilities. This incident highlights the significance of attention for telecom providers and customers.
While telecom providers must establish strong cybersecurity security measures, you can take proactive efforts to secure their data.
You can avoid being a target victim of data breaches or identity theft by following the best privacy practices.
Use PurePrivacy to secure your data from illegal access, unwanted prying eyes, and get added privacy on all platforms.