BSNL Data Breached Yet Again? Millions of Users Face Risk of SIM Card Cloning, Financial Fraud
Indiaβs largest government-owned-telecommunications service provider, Bharat Sanchar Nigam Ltd (BSNL), has allegedly suffered a massive data breach, the second such instance in less than six months. The BSNL data breach reportedly involves critical data including international Mobile Subscriber Identity (IMSI) numbers, SIM card information, Home Location Register (HLR) specifics, DP Card Data, and even snapshots of BSNL's SOLARIS servers which can be misused for SIM cloning.
Exploring Claims of BSNL Data Breach
The BSNL data leak was first disclosed by an Indian firm, Athenian Tech, in its threat intelligence report. According to the report, a threat actor, operating under the alias βkiberphant0mβ, leaked a significant amount of sensitive data affecting millions of users. The threat actor posted this information on the data hack site BreachForums and shared samples of the breach to legitimize the claim. Overall, around 278GB of sensitive information could be compromised. The hacker also posted details of call log samples which leaked sensitive information like mobile numbers of users, the date and duration of calls, and the amount charged for the call in Indian Rupees. The call log samples were being leaked in two sets: one for the month of May 2024 and another from 2020. This indicates that the data breach was a recent attack raising questions over the security checks in place at BSNL. The threat actor was selling the alleged stolen data for $5,000. The steep price tag could indicate the significant value of the stolen data which is sensitive. The Cyber Express has yet to verify the authenticity of the recent BSNL data breach and has contactedΒ the organization for an official response. Β This article will be updated based on their response.Potential Implications of BSNL Data Breach
- SIM Cloning and Identity Theft: Cloning a SIM involves creating a duplicate card that has the same IMSI and authentication keys, thus making it easy for the attackers to intercept messages/ calls, gain access to peopleβs bank accounts, and embezzle their finances.
- Privacy Violations: Identity theft means that one can gain unauthorized access to the individualsβ communication and breaches.
- Financial and Identity Theft: Illegal operations can defeat protective procedures in the financial portfolios, which entail substantial monetary losses and cases of identity theft.
- Targeted Attacks and Scams: The user could be exposed to major security risks and could be vulnerable to phishing schemes and other social engineering attacks, exploiting their trust in BSNL.