User data breach at BSNL, will set up committee for review: Govt says

New Delhi: Union Minister of State for Communications Chandra Shekar Pemmasani on Wednesday confirmed in the Lok Sabha that a data breach had taken place on May 20 at the state-owned telecom operator Bharat Sanchar Nigam Limited (BSNL), The News Minute reported.

The Minister informed the details to the House in a written response to a question raised by Congress MP Amar Singh.

Chandra Shekar Pemmasani Indian Computer Emergency Response Team (CERT-In), which is tasked to take care of cyber security incidents, found “one of BSNL’s File Transfer Protocol (FTP) servers had data similar to the sample of breached data which was found in CERT-In’s investigation,” according to The News Minute.

However, Pemmasani asserted that “No breach in Home Location Register (HLR) of Telecom Network has been reported by the Equipment Manufacturer, therefore no service outage in BSNL’s Network.”

The Minister announced that the government has formed an Inter-Ministerial Committee (IMC) to audit telecom networks and also for suggesting remedial measures to stop future data breaches.

It is reported that the breach was noticed after a user named “kiberphant0m”, posting on Breachforums, a website known for selling hacked data, claimed to have accessed around 278 gigabytes of data from BSNL.

The breached data reportedly included IMSI number (International Mobile Subscriber Identity), SIM details, HLR (Home Location Register), DP card data and DP Security Key data which supports BSNL’s security systems and user offered to sell the data for $5,000.

Meanwhile, BSNL has changed passwords to all similar FTP servers alongside instructed that endpoints (devices connected to the network) maintain air gaps, to ensure that a secure computer network is physically isolated from unsecured networks.