Jio admits to breach in security, denies info leak
Reliance Jio Infocomm Ltd, which is looking into reports of a major leak of user data, has filed a police complaint alleging “unlawful access to its systems,” a police officer involved in the investigation said on Wednesday.
The complaint is the telecom company’s first official acknowledgement of a systems breach. Jio has so far denied media reports and user accounts of a leak.
The officer involved in the investigation said Jio filed the complaint on Monday in Navi Mumbai, where it is headquartered.
Jio, part of conglomerate Reliance Industries Ltd, did not respond to requests for comment on Wednesday.
Several news reports claimed on Sunday that names, telephone numbers and email addresses of Jio users were visible on a site called ‘Magicapk,’ which was subsequently taken down.
Mukesh Ambani-led Jio rubbished the website’s claims and said that its subscriber data was safe and maintained with the highest security. It said that data on the ‘Magicapk’ website appeared to be “unauthentic.”
MediaNama, however, contradicted these claims. They reported being able to cross reference and confirm the veracity of the data on numerous Jio customers known to them.
Experts say India has inadequate data protection laws that do not mandate companies or agencies to notify clients if their personal data has been breached. Advocates for stronger data protection laws say this results in data leaks often going unreported.
“There is a clear stigma attached to being hacked, or data being stolen,” said Akash Mahajan, a web security consultant in Bengaluru, adding this is why companies in India often do not admit to data breaches. On Tuesday, police in Rajasthan detained a man on suspicion of involvement in the breach, which cyber security analysts say could be the first large-scale leak from an Indian telecoms firm.
The officer involved in the matter declined to give further detail on the investigation, but said preliminary evidence indicated the widely-used “Aadhaar” numbers of Jio customers were not compromised in the leak.
Jio has over 10 crore subscribers after drawing in users with months of free service and now cut-price deals. It is not clear whether data on all 100 million plus customers was compromised. Many users registered for Jio using their 12-digit Aadhaar number issued by the government.