BSNL faces another data breach? Over 270 GB data compromised, claims report

Bharat Sanchar Nigam Ltd (BSNL) has reportedly experienced a data breach, where a threat actor identified as "kiberphant0m" claims to have infiltrated their systems, according to a report. The breach has allegedly compromised sensitive information such as IMSI numbers, SIM card details, home location register data, and critical security keys, a latest report by Athentian Technology, a digital risk management firm, claims. 

The data breach allegedly compromised more than 278 GB of data from BSNL’s telecommunications operations. This includes server snapshots that could potentially be used for activities like SIM cloning and extortion, highlighting the severity of the breach.

The breach could enable attackers to intercept communications, access financial accounts, and perpetrate fraud, the report says. Additionally, unauthorised access to telecom operations could lead to service disruptions and compromised infrastructure stability, impacting both users and national security, it adds.

This incident marks the second breach within six months for the state-owned telecom operator. The threat actor has offered this data for sale at $5,000, emphasising its complexity and critical nature, surpassing typical user information and targeting BSNL’s core operational systems. This "special pricing" was available from May 30 to May 31, 2024, highlighting the heightened value of the compromised data due to its sensitivity and broad scope.

In December last year, a threat actor named 'Perell' released a dataset on a dark web forum, revealing sensitive information about BSNL’s fibre and landline service users. The dataset, consisting of 32,000 lines, exposed email addresses, billing information, contact numbers, and also included data on mobile outage records, network specifics, completed orders, and customer profiles. 'Perell' claimed the total number of data entries across all databases amounted to 2.9 million.

Potential methods of exploitation and impacts: 

SIM Cloning and Identity Theft: 

SIM cloning involves creating a duplicate SIM card with the same IMSI and authentication keys as the original. If attackers have access to IMSI numbers and associated SIM authentication keys (as claimed), they can potentially clone SIM cards. This process might involve using specialised software and hardware to write stolen IMSI and key data onto blank SIM cards.

Once cloned, a SIM card can be used to intercept messages and calls, bypassing two-factor authentication, accessing bank accounts, and committing fraud under another person’s identity. This not only compromises personal security but can also lead to significant financial losses for the victims.

"BSNL should initiate an urgent investigation to assess and contain the breach. Immediate steps include securing network endpoints and auditing access logs. Secondly, implementation of enhanced security measures, including frequent security audits and the adoption of advanced threat detection technologies," Athentian Technology says in its recommendations.

"BSNL users monitor their accounts for unusual activity, enable two-factor authentication on all accounts, and remain vigilant against phishing and social engineering attacks. They urge BSNL to promptly contain the breach, secure network endpoints, conduct thorough security audits, and implement advanced threat detection technologies to mitigate further risks," it added.