Investigations Have Started into the Reliance Jio Data Breach
For the last few days, the Indian media has been abuzz with the news that the personal data of over 100 million customers of the Indian telecom giant Reliance Jio had been breached. Reports said that the leaked consumer data had been posted online at a website called magicapk.com, which is now offline. Now, reports say that Reliance Jio has begun investigating the issue.
The website that posted the leaked data, magicapk.com, has been suspended, but in the time that it remained online, anyone could have obtained Jio users’ personal info. Info posted online included users’ first and last names, emails, and account activation date and other details. It is speculated that AADHAAR numbers (a unique identifier provided by the government to each user) were posted.
What is the Scale of the Breach?
Reliance Jio, whose network is spread all across India, is a subsidiary of the Indian conglomerate Reliance. It provides a wireless 4G LTE service network. It was launched on December 27, 2015, and commercially launched on September 5, 2016. Jio is the only 100% Voice-over-LTE (VoLTE) provider in India. Jio lines were provided to users after they registered using their AADHAAR number, which stores users’ biometric data in a centralized database. Since launch, the company has added 120 million subscribers.
The data breach and online appearance of user data were reported on Sunday. Even earlier, there were stirrings on a message board that a breach had occurred. In addition, it is believed that screenshots of user data were available on the dark web. Independent security researchers say that it is not feasible to estimate the scale of the breach at the moment.
Investigations have started into the cause of the data breach. The initial investigations by EY found that Jio’s apps and websites were secure, and that the hack may have taken place through an external vendor. Reliance Jio reported the data breach to Cert-In the government agency that tracks computer security. Cert-In is conducting an investigation. Reliance Jio has referred to the data breach claims as “unsubstantiated” and “unverified.” The company stated that subscriber data is safe.