Data security experts urge govt to set up nodal body to confirm breaches – ET CISO
https://etimg.etb2bimg.com/thumb/msid-111557082,imgsize-12516,width-1200,height=765,overlay-etciso/data-breaches/data-security-experts-urge-govt-to-set-up-nodal-body-to-confirm-breaches.jpg
In light of alleged claims of hacking of Airtel data, security researchers have asked the govt to implement the data protection Act as under it the responsibility of informing/ confirming such breaches would be with the data protection authority, which, however, has not yet been formed. Airtel has categorically denied the claims of data breach of 37.5 crore users.
“There has been a social media chatter around Airtel’s data breach due to an unauthentic data hacker claiming to have access to Airtel’s data. The hacker has not been able to provide any proof for his claim and is using this wrongly to tarnish brand image,” Airtel said in a clarification. An Airtel spokesperson added, “We are confirming that the data is secure, and no such breach has occurred. We have done a thorough investigation and can confirm that there has been no breach whatsoever from Airtel systems.”
Data security researcher Kodali Srinivas said, “The airtel breach claim shows how important it is for govt of India to start implementing the data protection Act. With no data protection authority to independently verify these reported incidents of breaches, there is no way to confirm if there was a breach or not. Airtel is within its rights to deny these alleged breaches, but regulators needs to verify these claims.”
On Friday, Kodali posted on ‘X’: “Airtel has been hacked by a China based threat actor. He listed 37.5 crore airtel customer’s data including their Aadhaar numbers for sale. The actor who listed this data for sale on breach forums, is now suspended. India’s Data Protection Act is still not active (sic).”
However, Rahul Sasi, CEO of cybersecurity firm CloudSEK, said the threat actor “had gathered previously leaked data and was falsely claiming it to be a recent breach of Airtel’s database”.
He added, “Over the past few years, there have been numerous instances of millions of Personally Identifiable Information (PII) being leaked from various providers. It’s important to note that it’s relatively easy to compile a database consisting of first names, last names, and phone numbers belonging to any service provider using publicly available data sets.”