Sensitive data from BSNL, including IMSI numbers and server details, has been compromised.
The hacker "kiberphant0m" is selling the stolen data on the dark web for $5,000.
This incident raises concerns about the security of BSNL's 4G and 5G services.
Just within six months, state-owned telecommunications company Bharat Sanchar Nigam Limited has reportedly suffered another data breach which involves critical data, including international mobile subscriber identity (IMSI) numbers, SIM card information, home location register details, DP card data and even snapshots of BSNL’s SOLARIS servers.
According to a Threat Intelligence Report by Athenian Tech, the cyberattack has been orchestrated by a threat actor known as “kiberphant0m”. The hacker compromised a substantial amount of sensitive data, putting millions of users at risk. In total over 278GB of sensitive information has been compromised.
The report also reveals that the threat actor responsible for the BSNL data breach has priced the stolen data at $5,000 (roughly INR 4,17,000). This price was offered as a special deal, available only from May 30, 2024, to May 31, 2024.
Kanishk Gaur, CEO of Athenian Tech, told Inc42, “The attacker started selling the data on the dark web in the month of May. While they’re selling it for as low as $5,000, the potential impact could be in millions in terms of a cyber breach or stealing certain identifiable information.”
This incident follows a similar breach in December 2023, where another hacker claimed to have accessed personal information of BSNL users. Gaur said that this breach was not connected to the previous one because of the nature of the breach, and the data that has been compromised, is different.
He further said, “Critical components of BSNL’s network infrastructure were compromised. This could potentially undermine the security of BSNL’s current and future 4G and 5G services. As a result, both new and existing BSNL customers are at risk of having their personal and sensitive information exposed or misused.”
With increasing digitisation, there has also been a rise in cybercrimes in the country. The Centre is taking various measures to curb this surge in cybercrimes and financial frauds.
The Ministry of Home Affairs’ cyber crime unit launched the ‘Pratibimb’ app last month, aiding law enforcement in real-time tracking of cyber criminals.
Additionally, the Department of Telecommunications introduced the Digital Intelligence Platform for real-time information sharing among stakeholders, and the Chakshu portal for reporting fraud communications.
Besides, many new startups are emerging to tackle cybersecurity challenges, recognising the increasing importance of safeguarding digital assets in today’s interconnected world.