The Union government has confirmed a data breach in Bharat Sanchar Nigam Limited (BSNL) systems, which was reported on May 20, 2024. Minister of State for Communications Chandra Sekhar Pemmasani revealed the details in response to a query in the Lok Sabha by Congress MP Amar Singh.
Details of the Breach
Incident Report
The Indian Computer Emergency Response Team (CERT-In) reported a possible intrusion and data breach at BSNL on May 20, 2024. The breach did not cause any service outage, but it did involve one BSNL server containing data similar to the sample data shared by CERT-In.
Nature of the Breach
According to a report by Athenian Tech, a London-headquartered firm, the breach involved a substantial amount of sensitive data. This included International Mobile Subscriber Identity (IMSI) numbers, SIM card information, and Home Location Register (HLR) details, among other critical data. The compromised data could potentially allow hackers to clone SIM cards of BSNL users.
Government Response
Formation of Inter-Ministerial Committee
Dr. Pemmasani announced that an inter-ministerial committee has been formed to audit telecom networks and suggest remedial measures to prevent future data breaches. The committee is tasked with ensuring the security of telecom networks and safeguarding sensitive user data.
Implications and Security Measures
Impact on Users
The breach is significant because the exposed data can be used by attackers to gain unauthorized access to BSNL’s network. The ability to clone SIM cards poses a severe risk to user privacy and security.
Preventive Actions
The inter-ministerial committee will conduct a thorough audit of telecom networks and recommend measures to strengthen data protection. This initiative aims to enhance the resilience of telecom networks against cyber threats and prevent similar incidents in the future.
Conclusion
The confirmation of the data breach in BSNL systems underscores the critical need for robust cybersecurity measures in telecom networks. The government’s proactive steps, including the formation of an inter-ministerial committee, aim to mitigate the risks and enhance the security framework of the telecom sector.