Infocomm, which is looking into reports of a major leak of user data, has filed a police complaint alleging "unlawful access to its systems," a police officer involved in the investigation said on Wednesday.
The complaint, made on Monday in Navi Mumbai, where Jio is headquartered, would be the telecom firm's first official acknowledgement of a system breach. Jio has so far denied media reports and user accounts of a leak.
Jio, part of conglomerate Reliance Industries (RIL), did not respond to a Reuters request for comment on Wednesday.
Several local news websites reported late on Sunday that names, telephone numbers and email addresses of Jio users were visible on a site called 'Magicapk,' which was subsequently taken down.
Jio, however, said its user data was safe and maintained with the highest security, and that the data on the Magicapk website appeared "unauthentic".
News outlets such as Indian Express reported being able to cross-reference and confirm the veracity of the data on numerous Jio customers known to them.
On Tuesday, Reuters reported that police in the western state of Rajasthan detained a man on suspicion of involvement in the breach, which cyber security analysts said could be the first large-scale leak from an Indian telecoms firm.
The officer involved in the matter declined to give further detail on the investigation, but said preliminary evidence indicated the widely-used Aadhaar numbers of Jio customers were not compromised in the leak.
Jio, which launched last September, already boasts over 100 million subscribers after drawing in users with months of free service and now cut-price deals. It is not clear whether data on all 100 million plus customers was compromised.
Many users registered for Jio using their 12-digit Unique Identification Authority of India (UIDAI) number, known as the Aadhaar number.
The government is pushing for Aadhaar numbers to be used in everything from opening a bank account to filing tax returns. The number, which works in a similar way to US Social Security numbers, is unique to each Indian citizen and stores users’ biometric data in a centralised database.
The case was registered under Section 66 of the Information Technology Act, which deals with any unauthorised access to a computer network, and Section 379 of the Indian Penal Code, which deals with theft.