The data breach was analysed and found that one FTP server had data similar to the sample data shared by CERT-In, MoS for communications said

The minister also said that the government has constituted an inter-ministerial committee to conduct an audit of the telecom networks and suggest remedial measures

The development comes a month after reports surfaced that hackers were selling 278 GB of sensitive data of BSNL users, including IMSI numbers and SIM card information

The Centre has said that there was a “possible intrusion and data breach” at state-owned telecom company Bharat Sanchar Nigam Ltd (BSNL) on May 20, 2024.

Responding to a question, minister of state (MoS) for communications Pemmasani Chandra Sekhar informed the Parliament that the Indian Computer Emergency Response Team (CERT-In) reported a possible data breach at BSNL to the government. 

“The same (data breach) was analysed and found that one file transfer protocol (FTP) server was having the data similar to the sample data shared by CERT-In. No breach into (the) home location register (HLR) of (the) telecom network has been reported by (the) equipment manufacturer, hence no service outage in BSNL’s network,” added Sekhar.

The MoS also said that the government, in response to the data breach, has constituted an inter-ministerial committee (IMC) to conduct an audit of the telecom networks and suggest remedial measures for prevention of data breaches in the telecom networks in the future.

Additionally, he said that the telecom operator has also taken steps to address these issues, including changing access passwords of all similar FTP servers and instructions to maintain air-gap for endpoints.

The development comes a month after reports surfaced that a major data breach at BSNL leaked critical user data, including international mobile subscriber identity (IMSI) numbers, SIM card information, home location register details, DP card data and even snapshots of BSNL’s SOLARIS servers. 

At the time, a report by Athenian Tech said that the hackers compromised over 278 GB of sensitive information of BSNL users, which could put millions of users at risk. The hack came to light after the hackers began selling the stolen data online on the dark web for $5,000 (roughly INR 4.17 Lakhs). 

“The attacker started selling the data on the dark web in the month of May. While they’re selling it for as low as $5,000, the potential impact could be in millions in terms of a cyber breach or stealing certain identifiable information,” Athenian Tech CEO Kanishk Gaur told Inc42 at the time. 

However, this is not the first time that BSNL has faced such an issue. In December 2023, another hacker claimed to have accessed personal information of BSNL users. 

This comes at a time when India is witnessing a big spurt in cybercrimes. Earlier in the day, the government informed the Parliament that CERT-In reported 23,158 “cyber security incidents” in 2023. It also said that the country saw 12,330 cases of “network scanning and probing”, 1,185 cases of “virus/malware incidents” and 401 phishing incidents last year. 

The Centre has taken a slew of steps to address the rise in such incidents. In May, the Ministry of Home Affairs’ cyber crime unit launched the ‘Pratibimb’ app to help law enforcement agencies track cybercriminals in real-time. 

Earlier, the telecom department also launched ‘Digital Intelligence Platform’ for real-time information sharing among stakeholders, and ‘Chakshu’ portal for reporting fraud communications.

The data breach was analysed and found that one FTP server had data similar to the sample data shared by CERT-In, MoS for communications said

The minister also said that the government has constituted an inter-ministerial committee to conduct an audit of the telecom networks and suggest remedial measures

The development comes a month after reports surfaced that hackers were selling 278 GB of sensitive data of BSNL users, including IMSI numbers and SIM card information

The Centre has said that there was a “possible intrusion and data breach” at state-owned telecom company Bharat Sanchar Nigam Ltd (BSNL) on May 20, 2024.

Responding to a question, minister of state (MoS) for communications Pemmasani Chandra Sekhar informed the Parliament that the Indian Computer Emergency Response Team (CERT-In) reported a possible data breach at BSNL to the government. 

“The same (data breach) was analysed and found that one file transfer protocol (FTP) server was having the data similar to the sample data shared by CERT-In. No breach into (the) home location register (HLR) of (the) telecom network has been reported by (the) equipment manufacturer, hence no service outage in BSNL’s network,” added Sekhar.

The MoS also said that the government, in response to the data breach, has constituted an inter-ministerial committee (IMC) to conduct an audit of the telecom networks and suggest remedial measures for prevention of data breaches in the telecom networks in the future.

Additionally, he said that the telecom operator has also taken steps to address these issues, including changing access passwords of all similar FTP servers and instructions to maintain air-gap for endpoints.

The development comes a month after reports surfaced that a major data breach at BSNL leaked critical user data, including international mobile subscriber identity (IMSI) numbers, SIM card information, home location register details, DP card data and even snapshots of BSNL’s SOLARIS servers. 

At the time, a report by Athenian Tech said that the hackers compromised over 278 GB of sensitive information of BSNL users, which could put millions of users at risk. The hack came to light after the hackers began selling the stolen data online on the dark web for $5,000 (roughly INR 4.17 Lakhs). 

“The attacker started selling the data on the dark web in the month of May. While they’re selling it for as low as $5,000, the potential impact could be in millions in terms of a cyber breach or stealing certain identifiable information,” Athenian Tech CEO Kanishk Gaur told Inc42 at the time. 

However, this is not the first time that BSNL has faced such an issue. In December 2023, another hacker claimed to have accessed personal information of BSNL users. 

This comes at a time when India is witnessing a big spurt in cybercrimes. Earlier in the day, the government informed the Parliament that CERT-In reported 23,158 “cyber security incidents” in 2023. It also said that the country saw 12,330 cases of “network scanning and probing”, 1,185 cases of “virus/malware incidents” and 401 phishing incidents last year. 

The Centre has taken a slew of steps to address the rise in such incidents. In May, the Ministry of Home Affairs’ cyber crime unit launched the ‘Pratibimb’ app to help law enforcement agencies track cybercriminals in real-time. 

Earlier, the telecom department also launched ‘Digital Intelligence Platform’ for real-time information sharing among stakeholders, and ‘Chakshu’ portal for reporting fraud communications.