Data security experts urge govt to set up nodal body to confirm breaches

U Sudhakar Reddy / TNN / Updated: Jul 6, 2024, 19:45 IST

Text Size

Small
Medium
Large

Airtel refutes allegations of a data breach involving 37.5 crore users. Security researchers emphasize the need for implementing the Data Protection Act for verification. Claims of China-based threat actor selling Aadhaar numbers proven false. Cybersecurity firm CEO highlights the compilation of leaked data from various sources.

Data security experts urge govt to set up nodal body to confirm breaches

Representative Image

HYDERABAD: In light of alleged claims of hacking of Airtel data, security researchers have asked the govt to implement the data protection Act as under it the responsibility of informing/ confirming such breaches would be with the data protection authority, which, however, has not yet been formed. Airtel has categorically denied the claims of data breach of 37.5 crore users.
“There has been a social media chatter around Airtel’s data breach due to an unauthentic data hacker claiming to have access to Airtel’s data.

The hacker has not been able to provide any proof for his claim and is using this wrongly to tarnish brand image,” Airtel said in a clarification. An Airtel spokesperson added, “We are confirming that the data is secure, and no such breach has occurred. We have done a thorough investigation and can confirm that there has been no breach whatsoever from Airtel systems.”
Data security researcher Kodali Srinivas said, “The airtel breach claim shows how important it is for govt of India to start implementing the data protection Act. With no data protection authority to independently verify these reported incidents of breaches, there is no way to confirm if there was a breach or not. Airtel is within its rights to deny these alleged breaches, but regulators needs to verify these claims.”
On Friday, Kodali posted on ‘X’: “Airtel has been hacked by a China based threat actor. He listed 37.5 crore airtel customer’s data including their Aadhaar numbers for sale. The actor who listed this data for sale on breach forums, is now suspended. India’s Data Protection Act is still not active (sic).”

However, Rahul Sasi, CEO of cybersecurity firm CloudSEK, said the threat actor “had gathered previously leaked data and was falsely claiming it to be a recent breach of Airtel’s database”.
He added, “Over the past few years, there have been numerous instances of millions of Personally Identifiable Information (PII) being leaked from various providers. It’s important to note that it’s relatively easy to compile a database consisting of first names, last names, and phone numbers belonging to any service provider using publicly available data sets.”

About the Author

U Sudhakar Reddy

Sudhakar Reddy Udumula is the Editor (Investigation) at the Times of India, Hyderabad. Following the trail of migration and drought across the rustic landscape of Andhra Pradesh and Telangana, Sudhakar reported extensively on government apathy, divisive politics, systemic gender discrimination, agrarian crisis and the will to survive great odds. His curiosity for peeking behind the curtain triumphed over the criminal agenda of many scamsters in the highest political and corporate circles, making way for breaking stories such as Panama Papers Scam, Telgi Stamp Paper Scam, and many others. His versatility in reporting extended to red corridors of left-wing extremism where the lives of security forces and the locals in Maoist-affected areas were key points of investigation. His knack for detail provided crucial evidence of involvement from overseas in terrorist bombings in Hyderabad.

End of Article