Seven Telecom Data Breach Incidents Reported Since December 2023: MoS Tells Parliament


CERT-In reported that a threat actor alias Kiberphant0m gained unauthorized root access to servers controlled by BSNL in May 2024 . (Getty File)

Former Punjab Chief Minister and now a member of Lok Sabha Charanjit Singh Channi asked Dr Pemmasani Chandra Sekhar, Minister of State (MoS) for Communications, about the action taken against the companies involved in data breaches

Two telecom data breaches were reported in 2023-24, while five in 2024-25 so far, Dr Pemmasani Chandra Sekhar, Minister of State (MoS) for Communications, told Parliament recently.

IN FISCAL YEAR 2023-2024

  • December 23, 2023: Reports surfaced indicating that a threat actor known as “perell” shared a post about a potential data leak involving Bharat Sanchar Nigam Limited (BSNL).
  • January 23, 2024: The Indian Computer Emergency Response Team (CERT-In) reported that a threat actor named CyboDevil promoted a sale on an underground forum, offering a comprehensive database of Indian mobile network consumers.

IN FISCAL YEAR 2024-2025

  • May 20, 2024: CERT-In reported that a threat actor alias “Kiberphant0m” gained unauthorized root access to servers controlled by BSNL.
  • July 5, 2024: On social media platform X, a user named @digitaldutta claimed that Airtel data had been hacked by Chinese threat actors and was being sold.
  • July 6, 2024: The National Critical Information Infrastructure Protection Centre (NCIIPC) reported that VPN access to the network of the Telecom Regulatory Authority of India (TRAI) was being sold on an exploits forum.
  • July 9, 2024: NCIIPC reported that personally identifiable information (PII) of Tata Tele subscribers was available for sale on the darknet.
  • July 19, 2024: NCIIPC, based on credible sources, revealed that over 2 TB of data belonging to Telecommunications Consultants India Limited (TCIL) had been stolen by threat actors.

Former Punjab Chief Minister and now a member of Lok Sabha Charanjit Singh Channi asked the minister whether the government had taken any action against such companies involved in data breaches and data selling during the said period.

Despite the reports, the minister emphasized that the causes of these data breaches have not been established in the instances mentioned. As a result, no punitive measures have been taken against the service providers.



Source link