Indian telecom breach may have compromised 100 million records

In what could be the country’s largest ever data breach incident, Jio Reliance may have compromised 100 million users’ records after information was allegedly stolen and put online.

The data in question was put on an independent website called Magicapk, but has since been removed.  The information reportedly included: Full names; Mobile contact numbers; Email addresses; Aadhaar numbers; and SIM card activation dates & times.

This is one huge data breach incident; if its authenticity is to be established…

Aadhaar numbers are essentially like our National Insurance numbers, so they can be very sensitive. The 12 digits are unique to the citizen and are used to identify biometric and demographic information. Of the 1.3 billion people in India, 1.15 billion have signed up and registered with an Aadhaar number.

Jio: “the largest 4G network in India offers high speed mobile internet connection & an engaging digital ecosystem for a seamless digital experience”.  The telecommunications giant has just over 108 million subscribers, and it seems like the company may have been prioritising its numbers over customer care. No matter how many subscribers a company or organisation has, if they don’t protect the customers’ data, they face losing customer numbers.

And here’s where things get a little trickier in this story.

Has there even been a data breach?

The validity of the data breach has been disputed.

The company has spoken about the incident, and instead of a public apology backed by promises of how to do better, Jio has taken a different approach:

“prima facie, the data appears to be unauthentic. We want to assure our subscribers that their data is safe and maintained with highest security.”

They’re not owning up to a data breach. Jio suggests the data isn’t authentic.

But there are two sides to every story, it seems. Subscribers have taken to forums to blast the company’s stance, alleging that there was legitimate information like email addresses involved in the breach, and that the information could only have come from the alleged Jio breach.

One reddit user said they:

“used a unique email (address) which I have not used anywhere also and can confirm leaked data is from Jio’s database.”

The upshot is that Jio stands accused of not only breaching their customers’ rights to data protection, but also of trying to dodge the blame.