In early July 2024, reports surfaced claiming that a hacker, known by the alias “xenZen,” had accessed the personal data of 375 million Airtel users. This data allegedly included sensitive information such as mobile numbers, Aadhaar details, email addresses and more. The hacker reportedly sold this data on the dark web for $50,000. Airtel, however, has strongly denied these claims. The company conducted a thorough investigation and confirmed that there was no breach of their systems. Despite these assurances, the rumours have raised concerns among consumers about the security of their personal information.
Data breaches have recently become a significant concern for companies and consumers alike. With the increasing reliance on digital services, the security of personal data is paramount. In 2023, India’s average data breach cost reached an all-time high of ₹17.9 crore (approximately $2.2 million), marking a significant 28% increase since 2020. This figure reflects the growing complexity and frequency of data breaches, with detection and escalation costs rising by 45% over the same period. In January 2024, it was reported that the personal data of 750 million telecom users in India was being sold on the dark web. If a data breach of this magnitude were to occur, the consequences for consumers could be severe.
Table of Contents
The Potential Impact
Cybercriminals could gain access to personal information such as Aadhaar IDs and email addresses to engage in identity theft. This could lead to unauthorised transactions, the opening of new accounts, and other fraudulent activities. Personal data can also be used to access bank accounts and credit cards. Consumers could find themselves victims of financial fraud, with unauthorised transactions draining their accounts.
However, this hacker has allegedly tried to sell this data on the dark web; leaked data can be sold to marketing companies, leading to a surge in spam calls, emails, and messages. This can be both annoying and intrusive for consumers. A data breach can significantly damage the trust consumers have in a company. Airtel, one of India’s largest telecom providers, could see a decline in customer loyalty and a potential loss of subscribers.
The Repercussions of So-Called Data Breach on Airtel
Since trust is a crucial factor in the telecom industry, the consequences of this data leak would extend beyond just financial loss and could lead Airtel to a loss of credibility. The company could face legal actions from affected customers and regulatory bodies, and they might have to pay hefty fines and compensations to those impacted by the breach. Operational disruptions can also take place since addressing a data breach requires significant resources. Airtel would need to invest in strengthening its security infrastructure, conducting investigations, and managing public relations.
It’s Not the First Time
This isn’t the first time Airtel has faced data breach claims. In February 2021, cybersecurity researcher Rajshekhar Rajaharia claimed that the personal data of 2.6 million Airtel subscribers in Jammu and Kashmir was being sold. Airtel denied this breach. However, in 2019, a security flaw in their mobile app exposed the details of over 300 million users. Airtel confirmed this breach and assured users it had been fixed.
Airtel isn’t the only telecom company that hackers targeted. After Reliance Jio was launched in 2016, its customer data was reportedly hacked. In 2017, names, numbers, emails, activation dates, and circles of Jio subscribers were found on a website called Magicapk. In 2022, call logs, including locations and durations, of 300 million Vi (formerly Vodafone Idea) users were leaked. Vi admitted there was a flaw in their billing system but denied a data breach.
A Dire Need to Establish a Dedicated Nodal Body
Data security experts and officials have urged the government to establish a dedicated nodal body to confirm and manage data breaches. This body would be responsible for verifying breach claims and ensuring that companies adhere to strict data protection standards The call for such a body highlights the growing concern over data security and the need for a centralised authority to handle these issues effectively.
“The Airtel breach claim shows how important it is for the government of India to start implementing the Data Protection Act. With no data protection authority to independently verify these reported incidents of breaches, there is no way to confirm if there was a breach or not. Airtel is within its rights to deny these alleged breaches, but regulators need to verify these claims,” Kodali Srinivas, the renowned data security researcher, posted on X.
While Airtel has denied the recent allegations of a data breach, the incident serves as a reminder of the importance of data security. For consumers, it highlights the need to be vigilant about their personal information. For companies, it underscores the necessity of robust security measures to protect against potential threats. In an increasingly digital world, the security of personal data is not just a priority but a necessity. The government along with regulatory bodies must ensure that giant telecom companies like Airtel are taking robust preventive measures to prevent the risk of such data breaches.