BSNL telecom data breach
A threat actor advertised roughly 278 GB of data stolen from India's state-owned telecom BSNL — including IMSI numbers, SIM details, home location register data, and security keys — exposing millions of subscribers to SIM-cloning and fraud, in the carrier's second breach in six months.
- Victim
- Bharat Sanchar Nigam Limited (BSNL)
In May 2024, a threat actor advertised roughly 278 GB of data allegedly stolen from Bharat Sanchar Nigam Limited (BSNL), India's state-owned telecom operator. The exposed material — telecom infrastructure data rather than ordinary contact lists — raised the prospect of large-scale SIM cloning and fraud, and marked the carrier's second breach in six months.
What happened
On 20 May 2024, a seller using the handle kiberphant0m listed the BSNL dataset on a hacking forum, valuing it at around $5,000. The listing was flagged in late June by digital-risk firm Athenian Technology, which published a threat report detailing the contents.
Unlike a typical customer-database leak, the stolen data reportedly included deeply technical telecom assets:
- International Mobile Subscriber Identity (IMSI) numbers
- SIM card details and Home Location Register (HLR) data
- Security keys and server snapshots from BSNL's operations
Security analysts warned that this combination is precisely what an attacker needs to clone SIM cards, intercept calls and one-time passwords, and conduct financial fraud or extortion against subscribers.
Impact
- The breach was assessed as exposing millions of subscribers to SIM-cloning risk, though BSNL did not publish a precise count of affected individuals.
- It was the operator's second known breach within six months, following an earlier December 2023 incident, raising concerns about systemic security weaknesses at the state carrier.
- India's Minister of State for Communications, Chandra Sekhar Pemmasani, formally confirmed the breach in Parliament on 24 July 2024.
Why it matters
The BSNL breach is significant because of the nature of the data, not just its volume. Server snapshots and security keys go beyond personal information: they touch the operational core of a national telecom network. SIM-cloning capability undermines the SMS-based one-time passwords that secure banking, government services, and Aadhaar-linked authentication across India. As a state-owned operator serving rural and strategic users, BSNL's repeated compromises sharpened scrutiny of critical-infrastructure cybersecurity in India and fed directly into debates over CERT-In reporting obligations and telecom security audits.
Timeline
A threat actor using the handle kiberphant0m lists roughly 278 GB of BSNL data for sale, priced at around $5,000.
Digital-risk firm Athenian Technology flags the listing and publishes a threat report detailing the exposed telecom data.
Indian media report that the breached data includes IMSI numbers, SIM details, HLR data, and security keys usable for SIM cloning.
India's Minister of State for Communications, Chandra Sekhar Pemmasani, confirms the BSNL data breach in Parliament.
Sources
- medianama.comhttps://www.medianama.com/2024/06/223-bsnl-undergoes-a-breach-with-278-gb-of-data-compromised/
- business-standard.comhttps://www.business-standard.com/companies/news/bsnl-data-breach-exposes-278-gb-of-sensitive-telecom-info-twice-in-6-mts-124062600314_1.html
- businesstoday.inhttps://www.businesstoday.in/technology/news/story/massive-bsnl-data-breach-exposes-millions-to-sim-card-cloning-financial-fraud-threat-report-434702-2024-06-26
- thecyberexpress.comhttps://thecyberexpress.com/india-confirms-bsnl-data-breach/