Bharat Sanchar Nigam Limited (BSNL) suffered a data breach in which a threat actor claimed to have obtained sensitive data, including international mobile subscriber identity (IMSI) numbers, SIM card specifics, home location register data, and crucial security keys, according to a report by digital risk management firm Athenian Technology.

A report by The Economic Times quoted Kanishk Gaur, chief executive of Athenian Technology, as saying that the breach was attributed to a threat actor known as 'kiberphant0m', who compromised over 278 GB of data from BSNL's telecom operations. The data includes server snapshots that could be exploited for SIM cloning and other serious criminal activities, such as extortion, Gaur said.

The state-owned telecom operator faced a similar data breach incident in December last year.

The threat actor in the latest breach has openly valued the compromised data at $5,000. The breached data is described as ‘complex and critical’, going beyond typical user information to target the core operational systems of BSNL, Gaur said, as cited by the report.

Critical national security threat

The extensive operational data that has been breached could enable more advanced cyber-attacks. These attacks could target not just BSNL but also interconnected systems and networks, posing significant risks to national security, the Athenian Technology chief said.

Access to SIM card data and authentication keys could allow attackers to circumvent security protocols on financial accounts, resulting in financial losses and identity theft for users, he said.

“BSNL should initiate an urgent investigation to assess and contain the breach. Immediate steps include securing network endpoints and auditing access logs,” Gaur said.

BSNL data breach in December 2023

In December last year, a threat actor known as ‘Perell’ published a dataset comprising 32,000 lines of data on a dark web forum. This dataset exposed sensitive information about users of BSNL’s fibre and landline services. The threat actor claimed that the total number of data entries across all databases reached 2.9 million. In addition to email addresses, billing information, and contact numbers, the dataset contained details on mobile outage records, network specifics, completed orders, and customer profiles, among other sensitive data.

In the latest data breach incident at BSNL, the threat actor allegedly confirmed that the data being sold were unique and not connected to previously sold datasets that centered on user information.