Reliance Jio's recent data breach, which exposed the details of nearly 120 million subscribers, could have been caused due to external vendors. A preliminary report states that Jio's own apps and sites have been found secure and were not responsible for the breach. According to Economic Times, Jio had roped in EY for investigating the data breach, which was first revealed by FoneArena on Sunday night. A site named magicapk exposed critical user information like first name, last name, sim activation date as well as time and circle of activation of a particular Jio number. Since Jio numbers are linked to an Aadhaar number, the breach sent alarm bells ringing among customers and security analysts. The breach is considered to be the single largest leak in India. The initial report from EY doesn't reveal much except that Jio's data system was not breached and that the data leak happened at the vendors' end. However, it remains to be seen whether Jio announces a new initiative to ensure such leaks don't happen in the future.
Post the data breach, Jio said that the data appears to be unauthentic and that the claims of the website were unverified and unsubstantiated. While Jio dismissed the data as inauthentic, our own searches showed authentic personal information. Jio has reported the data breach to Cert-in, the government agency tracking computer security and has also filed a FIR with the cyber crime cell of the Navi Mumbai Police.
At its Project Next announcement, Gopal Vittal, MD, Bharti Airtel said that data breach is a real threat faced by every industry and telcos should be careful since they also serve as payments banks now. He also added that Airtel values customer privacy and takes security seriously.