The Union government confirmed a data breach in BSNL’s systems, saying that the breach was reported on May 20.
“Indian Computer Emergency Response Team (CERT-In) reported possible intrusion and Data Breach at BSNL on 20.05.2024,” Minister of State for Communications Chandra Sekhar Pemmasani said on Wednesday in a written response to a Lok Sabha query by Congress MP Amar Singh.
While the breach led to “no service outage,” Dr. Pemmasani said, “one [BSNL] server was having the data similar to the sample data shared by CERT-In.”
An inter-ministerial committee has been formed to “conduct audit of the telecom networks and suggest remedial measures for prevention of data breaches in the telecom networks”, Dr. Pemmasani said.
A report in June by the London-headquartered Athenian Tech said that this “breach involves a substantial amount of sensitive data including International Mobile Subscriber Identity (IMSI) numbers, SIM card information, and Home Location Register (HLR) details, among other critical data.”
The data was “critical” enough to provide hackers an opening into BSNL’s networks, the report said, and let attackers “clone” SIM cards of users.