Critical BSNL 278GB Data Breach: Government Call Records and Security Keys Exposed
Critical BSNL Data Breach Exposes Government Call Records and Security Keys
Major Cybersecurity Breach
Data breaches at Bharat Sanchar Nigam Limited (BSNL), a major Indian public sector telecom company, have harmed cybersecurity. This breach exposed 278 GB of sensitive data, including government employee phone records and crucial security keys, putting Indian institutions at risk and highlighting digital infrastructure weaknesses.
Breach Details
Hacker “kiberphant0m” posted the data on BreachForums, a renowned online marketplace for stolen data, on May 29. IMSI numbers, SIM card details, HLR data, and crucial security keys were compromised. This incident exposed a Rs 1.3 trillion market to misuse and illegal transaction, demonstrating the security breach.
Possible Effect
The leak includes federal employee call records with durations and data consumption. This data could be used for SIM cloning and other crimes. It breaches government officials’ communication details, threatening national security. IMSI numbers, which don’t expose phone numbers, can track users’ locations and clone SIM cards, allowing identity theft and unauthorized access to critical data.
Government Reaction
The Indian government has not commented on the breach, despite its severity. The central government required all ministries and departments to use BSNL and MTNL for telecommunications in 2020. This mandate protected official communications, making the breach concerning.
Analysis by experts
Athenian Technology, a digital risk management organization, warned of extortion using compromised data. Cybersecurity expert Prateek Dubey said, “It is practically impossible to catch every threat actor posting such data on these platforms as their numbers are increasing by the day.”
BreachForums: A Perpetual Threat
After multiple law enforcement seizures, BreachForums, the data-leaking platform, continues to operate. In March 2022, 19-year-old Conor Brian Fitzpatrick launched the site, which thieves use to trade stolen data. After Fitzpatrick’s arrest and brief possession of the forum in May 2023, ‘ShinyHunter’ resurrected it, highlighting the difficulties authorities confront in shutting down such sites.
Previous Events
Indian data has been compromised on BreachForums before. Hackers sought a ransom from Rentomojo in May 2023 and sold 1.5 million Zivame users’ data. Data breaches from BSNL, CERT-In, and HawkEye, the Telangana Police website, are also notable.
Conclusion
The BSNL data incident highlights the need for strong public sector cybersecurity. BreachForums exposes vital government data, threatening national security and highlighting crimes. As authorities seek to repair the damage and prevent future intrusions, this incident highlights the vulnerabilities in our digital infrastructure and the significance of proactive cybersecurity tactics.