Airtel Denies Breach after Hacker Lists Data of 375 Million Customers on Dark Web
Moneylife Digital Team 05 July 2024
Bharti Airtel Ltd (Airtel) has denied a data breach in its systems that allegedly led to a hacker publishing details of 375mn (million) subscribers of Airtel for sale on the dark web.
 
In a statement on X, Airtel says, "There has been a report alleging that Airtel customer data has been compromised. This is nothing short of a desperate attempt to tarnish Airtel's reputation by vested interests. We have done a thorough investigation and can confirm that there has been no breach whatsoever from Airtel systems."
 
Earlier, Srinivas Kodali, a public interest technologist and alumnus of IIT Madras, posted a message saying that "Airtel has been hacked by a China-based threat actor. He listed 37.5 crore Airtel customers' data, including their Aadhaar numbers for sale. The actor who listed this data for sale on breach forums, is now suspended on the forum. India's Data Protection Act is still not active."
 
 
"Airtel alleged breach comes just after weeks of critical BSNL data breach which exposed 278giga byte (GB) of operational data. Which could be easily used to clone SIMs. While Airtel has denied the breach, there is no independent verification by the data protection authority and that is a problem," Mr Kodali says in another post.
 
A February 2022 survey by LocalCircles found that as much as 41% of the citizens feel that the last mile of telecom companies and banks is not secure, while 33% of citizens are unaware of how their data got compromised. 
 
Responding to a survey question on the risk of a personal data breach, 26% of citizens say the mobile or broadband company and its service-providers are responsible for the breach. There were also 15% who think bank, debit, credit card or insurance company and their service-providers are responsible for the data leakage, 4% said 'hospital and healthcare facilities', 11% said 'travel, shopping and other websites', and 6% said 'government departments'. About 5% said they 'gave away the information without checking', and 33% said 'they just could not figure out how their data got compromised. (Read: 41% Citizens Blame Telcos, Banks for Data Breaches; 33% Unaware How It Happened: Survey)
 
Earlier in April 2021, Mr Kodali and The Reporters' Collective obtained data through the Right to Information (RTI) Act, which showed the Union ministry of road transport & highways (MoRTH) sold the country's entire vehicle registration database to Fast Lane Automotive Pvt Ltd (FLA), a private Indian company, without any concern for data privacy and security. Fast Lane Automotive, in turn, shared this sensitive information with Management Services Helwig Schmitt GMBH (ManServ), a German company. 
 
The realisation came after Fast Lane Automotive informed the ministry it was engaging with a German firm – (ManServ) – and sample data had been transferred to it along with important documentation of the contract.
 
Mr Kodali says, "The issue here is that the government assumes it owns the data it collects from us in a fiduciary capacity. It wants to sell or share it with anyone it wants. But will not share the benefits with states or ask permission from citizens. Also, data trusts are not good." (Read: Indian Govt Sold Sensitive Vehicular Data to a Private Firm Which Shared it with a German Company: Wire Report)
Comments
ArrayArray
Free Helpline
Legal Credit
Feedback