India has confirmed a data breach in the systems of Bharat Sanchar Nigam Limited’s (BSNL), the country’s largest government-owned-telecommunications service provider. The BSNL data breach, reported on May 20, 2024, is the second such cyberattack in a span of six months.
India’s Minister of State for Communications, Chandra Sekhar Pemmasani, confirmed the data breach on July 24 in response to a query from opposition MP Amar Singh in the Parliament.
BSNL Data Breach in Detail
The BSNL data breach was first disclosed by an Indian firm, Athenian Tech, in its threat intelligence report. According to the report, a threat actor, operating under the alias “kiberphant0m”, leaked a significant amount of sensitive data affecting millions of users.
The BSNL data breach reportedly involves critical data, including international Mobile Subscriber Identity (IMSI) numbers, SIM card information, Home Location Register (HLR) specifics, DP Card Data, and even snapshots of BSNL’s SOLARIS servers, which can be misused for SIM cloning.
The threat actor posted this information on the data hack site BreachForums and shared samples of the breach to legitimize the claim. Overall, around 278GB of sensitive information was claimed to be compromised.
The hacker also posted details of call log samples that leaked sensitive information like mobile numbers of users, the date and duration of calls, and the amount charged for the call in Indian Rupees. The call log samples were being leaked in two sets: one for the month of May 2024 and another from 2020. The threat actor was selling the alleged stolen data for $5,000.
This data is critical, as it can provide hackers with an entry point into BSNL’s networks, potentially allowing them to clone SIM cards of users. Such a capability could enable attackers to intercept communications, access private information, and potentially disrupt services.
India’s Computer Emergency Response Team (CERT-In), the national agency for incident response, identified the potential intrusion and data breach at BSNL. Minister Pemmasani confirmed that while the breach did not lead to any service outages, one BSNL server was found to have data similar to the sample data shared by CERT-In.
“The same was analysed and found that one File Transfer Protocol (FTP) server had the data similar to the sample data shared by CERT-In. No breach into the Home Location Register (HLR) of the telecom network has been reported by the equipment manufacturer, hence no service outage in BSNL’s network,” the minister said.
The government has set up an inter-ministerial committee to conduct a detailed investigation of telecom networks. The committee will conduct a comprehensive audit of telecom networks and recommend measures to ensure that the country doesn’t face similar breaches in the future.
The Telecom Minister emphasised the importance of securing telecom networks to protect sensitive user data and maintain the integrity of communication services.
Implications of BSNL Data Breach
The breach at BSNL highlights the growing cybersecurity threats within India’s telecom sector. While there has been minimal impact on the telecom operator’s services, the potential for significant exploitation of the compromised data remains a concern. The government’s swift action in addressing the breach and investigating the vulnerabilities is crucial in mitigating further risks. Users should remain vigilant and monitor their accounts for any unusual activity.
Previous BSNL Data Breach
This is the second instance of a cyberattack on BSNL in less than six months. In December 2023, a threat actor known as “Perell” claimed access to critical information about fiber and landline users of BSNL. The dataset contained about 32,000 lines of data allegedly impacting over 2.9 million users. However, BSNL did not validate the claims back then.