02 July 2024

BSNL has suffered its second data breach in six months - this time, the data has been priced at $5,000 for anyone to purchase.

According to Athentian Technology, the BSNL data breach has led to the threat actor getting access to sensitive user data such as SIM card details, international mobile subscriber identity (IMSI), home location, and critical security keys. The threat actor - ‘kiberphant0m’ - stole more than 27.8GB of data from BSNL.

This data can be misused by anyone to create duplicate SIM cards, and use in other criminal activities such as extortion, and more.

The nature of the data that has been accessed by the threat actor is ‘critical.’ The data leak can also be a threat to national security, as it can be used to target BSNL and other interconnected systems and networks. Having SIM information and authentication keys can also enable hackers to get access to financial accounts, leading to financial losses for the customers.