The recent claims by cybersecurity firm CloudSEK that data on 750 million Indian subscribers has been leaked have prompted the Department of Telecom (DoT) to take action. A government official revealed that the DoT has instructed telecom service operators to conduct a comprehensive security audit of their systems in response to these alarming claims.
CloudSEK reported that hackers are attempting to sell a 1.8-terabyte database comprising details of 750 million Indian mobile consumers on the dark web. However, the alleged hacker has denied involvement in a breach and claimed to have obtained the data through undisclosed work within law enforcement channels, as per CloudSEK.
In response to these reports, a senior government official has confirmed that the DoT has taken the proactive measure of instructing telecom operators to conduct a security audit of their systems. Despite this, telecom operators have reportedly informally shared with the department that the leaked information in the CloudSEK report appears to be a compilation of old data sets of telecom subscribers and is not due to any vulnerability in their systems.
CloudSEK’s report highlighted that CYBO CREW affiliates CyboDevil and UNIT8200 had advertised a massive Indian Mobile Network Consumer Database for sale. This database reportedly contains sensitive details, including names, mobile numbers, addresses, and Aadhaar details of 750 million individuals. The leaked data, available for sale, poses significant risks such as financial losses, identity theft, reputational damage, and increased susceptibility to cyberattacks.
In a responsible disclosure, CloudSEK informed relevant authorities and organizations possibly impacted by the breach. The cyber intelligence firm emphasized the need for validation of the data and identification of potential loopholes by telecom service providers and the government. The threat actor allegedly demanded USD 3,000 for the entire dataset, according to the report.
This development has raised concerns about the security of personal data in the Indian telecom sector. The potential consequences of this data leak are severe, ranging from financial losses to identity theft and reputational damage. As a result, it is essential for telecom service providers and the government to thoroughly investigate the validity of the leaked data and take swift action to address any potential vulnerabilities in their systems.
It is evident that the alleged data leak has created a significant threat to the privacy and security of millions of Indian mobile consumers. Given the widespread implications of this incident, it is imperative for the authorities to collaborate closely with cybersecurity experts to contain the damage and prevent similar breaches in the future.
In conclusion, the Department of Telecom’s directive to conduct a security audit of their systems is a step in the right direction. However, it is crucial for telecom operators and the government to work together to ensure the protection of personal data and maintain the trust of Indian mobile consumers. The implications of this alleged data leak underscore the pressing need for robust cybersecurity measures in the Indian telecom sector.