- JANUARY 29, 2024; The Department of Telecommunications (‘DoT’) has requested the Telecom Service Providers (‘TSP’) to undertake a security audit of their systems.
This decision of DoT comes after a Cybersecurity firm, CloudSEK, claimed that personal data of 750 million Indian telecom subscribers of 1.8 terabyte database was comprised and has been put on sale on the dark web by ‘CYBO CREW affiliates CyboDevil and UNIT8200.
CloudSEK has alleged that this database contains critical information like names, mobile numbers, addresses and Aadhar details. The sample provided by the threat actor has been verified by CloudSEK and the threat actor is demanding USD 3,000 for the sale of the entire database on the dark web.
The size of this leaked database poses an immediate threat to the security of both Indian citizens and organisations, potentially leading to financial losses, identity theft, reputational damage, and increased susceptibility to cyberattacks. However, according to a senior officer in the DoT, the TSPs have informally shared with the DoT that the leaked data seems to be a compilation of old data sets of telecom subscribers and is not due to any vulnerability in their systems.
