Bharat Sanchar Nigam Ltd (BSNL) has suffered a data breach, with a hacker claiming to have accessed sensitive information, including international mobile subscriber identity (IMSI) numbers, SIM card details, home location register data and critical security keys, digital risk management firm Athenian Tech said in a report.
The breach claimed by the threat actor, who goes by the name “kiberphant0m”, involved more than 278 GB of data from BSNL’s telecom operations, including server snapshots, which can be misused for SIM cloning and potentially more severe criminal activities like extortion, Athenian Tech chief executive Kanishk Gaur said.
This is the second instance in six months where the state-owned telecom operator has suffered a data breach.
The threat actor in this instance has publicly priced this data at $5,000. Gaur said the nature of the breached data was “complex and critical”, surpassing typical user information and targeting the core of BSNL’s operational systems. Queries sent to BSNL remained unanswered.
The detailed operational data that have been compromised could be used to launch more sophisticated cyber-attacks, targeting not only BSNL but also other interconnected systems and networks, and posing substantial risks to national security.
With access to SIM card information and authentication keys, attackers could also bypass security measures on financial accounts, leading to financial losses and identity theft for users.
“BSNL should initiate an urgent investigation to assess and contain the breach,” Gaur said. “Immediate steps include securing network endpoints and auditing access logs.”
He said BSNL must implement enhanced security measures, including frequent security audits and the adoption of advanced threat detection technologies.
In last year’s breach, the threat actor using the alias “Perell” had disclosed a “sample dataset” on a dark web forum, including sensitive details of fibre and landline users of BSNL. The dataset contained about 32,000 lines of data and the threat actor claimed that the total number of lines across all databases amounts to over 2.9 million.
The compromised data then included email addresses, billing details, contact numbers, and other sensitive data, besides information about mobile outage records, network details, completed orders, and customer information.
This time around, the threat actor has allegedly confirmed that the data being sold were distinct and unrelated to previously sold datasets, which focused on user information.
The threat actor described the current data as more complex and critical, relating directly to telecom operations.