India's state-owned telecom operator, Bharat Sanchar Nigam Ltd (BSNL), experienced a substantial data breach, placing the personal information of thousands of users at risk. Reports indicated that a threat actor on the dark web had claimed possession of critical information related to BSNL's fiber and landline users.

According to a report by ET, the threat actor, operating under the pseudonym "Perell," has purportedly shared a "sample dataset" on the dark web, containing sensitive information of BSNL's fiber and landline users. The hacker is alleged to have obtained crucial details, including email addresses, billing information, contact numbers, and other sensitive data.

Additionally, information such as mobile outage records, network specifics, completed orders, and customer details have reportedly been compromised, as disclosed by a source familiar with the situation.

An unidentified individual has expressed concerns over a potential breach that poses an immediate threat to the privacy and security of customers associated with Bharat Sanchar Nigam Limited (BSNL), an entity considered critical infrastructure.

The report indicates that a hacker, identified as 'Perell,' has shared a dataset containing approximately 32,000 lines of data. However, Perell claims to have access to a significantly larger amount, boasting possession of about 2.9 million lines of data spanning all databases.

This extensive dataset reportedly encompasses various details, including the district information of BSNL customers. The gravity of the situation raises apprehensions about the potential compromise of sensitive information and underscores the urgent need for robust measures to safeguard the integrity of BSNL's critical infrastructure and ensure the privacy and security of its clientele.

The Indian cybersecurity watchdog Cert-In has been informed about a hacking attack on BSNL. Although BSNL has not officially acknowledged the breach, cybersecurity expert Kanishk Gaur, founder of India Future Foundation, described the data breach as "deeply concerning."

Expressing grave concern, cybersecurity expert Kanishk Gaur remarked, "The recent data breach at BSNL raises profound apprehensions. This incident carries extensive ramifications for both BSNL as a service provider and its user base."

Gaur emphasized the severity of the breach, involving the compromise of sensitive information. He underscored that this compromise not only undermines user privacy but also exposes them to heightened risks such as identity theft, financial fraud, and targeted phishing attacks. The warning highlights the urgent need for comprehensive measures to address the potential fallout from this security lapse and safeguard the interests and security of BSNL's user community.

An informed source highlighted to ET that this situation poses an imminent threat to the privacy and security of BSNL customers, especially considering the critical nature of this infrastructure. The dataset shared by the hacker, as reported, comprises around 32,000 lines of data.

However, 'Perell,' the threat actor in question, asserts possession of a staggering approximately 2.9 million lines of data, spanning all databases. The reported data encompasses various details, including the district information of BSNL customers.

Image source: Economic Times