BSNL Data Breach Exposes 278 GB of Sensitive Telecom Information Twice in Six Months

By Admin | 2024-06-27 | Cyber Attack

Bharat Sanchar Nigam Limited (BSNL) has suffered another significant data breach, with a threat actor claiming to have obtained sensitive information, including international mobile subscriber identity (IMSI) numbers, SIM card details, home location register data, and crucial security keys, according to a report by digital risk management firm Athenian Technology.

The Economic Times quoted Kanishk Gaur, chief executive of Athenian Technology, as attributing the breach to a threat actor known as 'kiberphant0m.' This actor compromised over 278 GB of data from BSNL’s telecom operations, including server snapshots that could be exploited for SIM cloning and other serious criminal activities, such as extortion.

BSNL, a state-owned telecom operator, faced a similar data breach in December last year. In the latest breach, the threat actor has openly valued the compromised data at $5,000. Gaur described the breached data as ‘complex and critical,’ saying the breach targets the core operational systems of BSNL and poses a significant national security threat.

The extensive operational data that has been breached could enable more advanced cyber-attacks, targeting not just BSNL but also interconnected systems and networks. This poses significant risks to national security, according to Gaur. Access to SIM card data and authentication keys could allow attackers to circumvent security protocols on financial accounts, leading to financial losses and identity theft for users.

Gaur emphasized the need for BSNL to initiate an urgent investigation to assess and contain the breach. Immediate steps include securing network endpoints and auditing access logs.

In December 2023, a threat actor known as 'Perell' published a dataset comprising 32,000 lines of data on a dark web forum. This dataset exposed sensitive information about users of BSNL’s fibre and landline services, with claims that the total number of data entries across all databases reached 2.9 million. This included email addresses, billing information, contact numbers, mobile outage records, network specifics, completed orders, and customer profiles.

In the latest data breach incident, the threat actor allegedly confirmed that the data being sold were unique and not connected to previously sold datasets centered on user information.