India’s leading telecom provider Bharti Airtel is embroiled in a data breach controversy after a hacker claimed to have stolen the personal information of nearly 375 million users. The company vehemently denied the allegations, calling them a “desperate attempt to tarnish Airtel’s reputation” and is likely done by its competitors who have “vested interests.”
However, the incident has reignited concerns about data security in India and the effectiveness of government cybersecurity measures.
Airtel Data Breach Claims and Denial
According to a post on a popular underground hacker forum, a user under the alias “xenZen” offered Airtel database for sale, which included records of 375 million customers. The alleged database contained sensitive information like phone numbers, email addresses, and even Aadhaar numbers, a unique identification number assigned to Indian citizens. This information, if compromised, could leave users vulnerable to phishing attacks, identity theft, and financial fraud.
Airtel, in a swift response, launched an investigation and maintains that no breach occurred within their systems.
The telecom giant said it is likely a smear campaign against them. The claims of the data breach surfaced just days after Airtel hiked tariffs following a recent adjustment. Airtel increased the price of its monthly entry level plan to Rs. 199, which was previously Rs. 179 – a 11% increase. Its competitors Reliance Jio and Vodafone Idea have also increased their tariffs recently but by almost double of theirs – up to 22%.
Experts Concerned
While the company’s denial offers some reassurance, cybersecurity experts remain cautious. Srinivas Kodali, a Hyderabad-based cybersecurity expert, highlighted the role of the Computer Emergency Response Team (CERT-In), a government body responsible for handling cyber threats. He expressed concern about CERT-In’s ability to manage such large-scale incidents.
“Airtel denies the breach. India’s cyber security regulator CERT-In is as usual missing in action. Under the new Data Protection Act, the responsibility to verify and notify people of breaches is with Data Protection Authority, which is yet to be formed.” – Srinivas Kodali, a Hyderabad-based cybersecurity expert
Citing the recent BSNL data breach Kodali said data security is a growing menace in the telecom sector. “While Airtel has denied the breach, there is no independent verification by Data Protection Authority and that is a problem,” Kodali said.
The conflicting narratives between Airtel and cybersecurity experts raise questions. Did a breach actually occur, or is this a misinformation campaign? Here are some crucial aspects to consider:
- Independent Verification: The lack of independent verification of the breached data makes it difficult to ascertain its authenticity. Further investigation by cybersecurity firms or authorities is essential.
- Dark Web Analysis: Analyzing the data sample shared by the hacker on the dark web forum could offer insights into its origin and potential legitimacy. For this, AI-powered cyber threat intelligence services like those offered by Cyble Research and Intelligence Labs (CRIL), could be of immense help.
- Airtel’s Security Posture: A thorough review of Airtel’s security protocols and data protection measures is necessary to identify any potential vulnerabilities that may have been exploited.
The Airtel data breach controversy is a reminder of the critical need for robust cybersecurity measures in India. Both telecom companies and government agencies need to prioritize data security investments and implement stricter regulations to safeguard user privacy. Only through a collaborative effort can India build a more resilient cyber ecosystem that protects its citizens from online threats.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.