Five incidents of data breach reported in FY25, two in FY24: MoS Communications

Five incidents of data breach have been reported in 2024-25 and two incidents in 2023-24, Minister of State for Communications Pemmasani Chandra Sekhar informed Lok Sabha on Wednesday. The cause of the data breach has not been established in the said instances, hence, no action was taken on the service providers, the minister said in a written reply in Lok Sabha.

"For the FY 2023-2024, two incidents have been reported and for FY 2024-2025, five incidents have been reported. The cause of data breach has not been established in the said instances. Hence, no action was taken on the service providers," he said.

The minister was replying to a question on whether the government has any data regarding the data breach of customers by the companies, telecom or otherwise during the last ten years, and whether any action has been taken against companies involved in data breaches and data selling.

According to the details shared by the minister, CERT-In, on May 20, 2024, reported that a threat actor alias 'Kiberphant0m' has gained unauthorised root super-access to the servers under BSNL (Bharat Sanchar Nigam Ltd) control.

As per the information shared, four incidents were reported in July 2024. On July 5, 2024, on X platform @digitaldutta posted that Airtel data is on sale and has been hacked by Chinese threat actors, and the following day NCIIPC reported that virtual private network access to the network of regulator TRAI is being sold on an exploits forum.

Again on July 9, 2024, the "NCIIPC reported that PII data of Tata Tele subscribers on sale at darknet", whereas on July 19, 2024 "NCIIPC, based on inputs from credible sources, revealed that 2 TB+ data of Telecommunications Consultants India Limited (TCIL) have been stolen by threat actors."