BSNL Data Breach: Data worth 278GB leaked, millions of users at risk of SIM cloning, financial frauds


Bharat Sanchar Nigam Limited (BSNL) has experienced another significant data breach, with a threat actor claiming to have obtained sensitive information.

According to digital risk management firm Athenian Technology, the compromised data includes international mobile subscriber identity (IMSI) numbers, SIM card specifics, home location register data, and crucial security keys.

The breach was reported by The Economic Times, which quoted Kanishk Gaur, chief executive of Athenian Technology. Gaur attributed the breach to a threat actor known as ‘kiberphant0m,’ who allegedly compromised over 278GB of data from BSNL’s telecom operations.

This data includes server snapshots, which could be exploited for SIM cloning and other serious criminal activities, such as extortion.

The threat actor has valued the compromised data at $5,000. The breach is described as complex and critical, targeting BSNL’s core operational systems rather than just user information. This extensive operational data could enable more advanced cyber-attacks, posing significant risks not only to BSNL but also to interconnected systems and networks, highlighting a critical national security threat.

Access to SIM card data and authentication keys could allow attackers to bypass security protocols on financial accounts, potentially leading to financial losses and identity theft for users. Gaur emphasized the urgency for BSNL to initiate a thorough investigation to assess and contain the breach. He recommended securing network endpoints and auditing access logs as immediate steps.

This incident follows a similar data breach in December of the previous year, where a threat actor known as ‘Perell’ published a dataset containing 32,000 lines of data on a dark web forum. This dataset exposed sensitive information about BSNL’s fibre and landline service users, including email addresses, billing information, contact numbers, mobile outage records, network specifics, completed orders, and customer profiles. The total number of data entries across all databases was claimed to be 2.9 million.

In the latest incident, the threat actor has confirmed that the data being sold is unique and not connected to previously sold datasets that focused on user information. This highlights the evolving nature of the threats faced by BSNL and the need for robust cybersecurity measures.
