comscore
News

Reliance Jio data breach occurred at vendors' end, EY probe reveals

The probe revealed that Jio apps and sites were secure.

Reliance-Jio

On Sunday, critical data of Reliance Jio customers was leaked on a website, revealing the name, date of activation of the number, along with the linked Aadhaar card. The company maintained that its systems were secure. Now, an initial probe by EY reveals Jio’s apps and sites were secure and if there was any breach, it could have been at the external vendors’ end.

Following the potential breach, Reliance Jio roped in consultancy EY to investigate the case, ET reports. Jio has also reported the data breach incident to Cert-In, the ministry agency that tracks computer security. The operator has also filed an FIR with the cyber crime cell of Navi Mumbai Police.

In what is touted as one of the biggest data breaches in India, an independent website called magicapk.com, allowed anyone to enter a Jio number and get access to critical customer details at the click of a button. Although the website had been pulled down a few hours after the discovery, it nonetheless put to risk the personal details of over 120 million Jio customers. In an official statement, Jio said, “We have come across the unverified and unsubstantiated claims of the website and are investigating it. Prima facie, the data appears to be unauthentic. We want to assure our subscribers that their data is safe and maintained with highest security. Data is only shared with authorities as per their requirement. We have informed law enforcement agencies about the claims of the website and will follow through to ensure strict action is taken.”

In an official statement, Jio said, “We have come across the unverified and unsubstantiated claims of the website and are investigating it. Prima facie, the data appears to be unauthentic. We want to assure our subscribers that their data is safe and maintained with highest security. Data is only shared with authorities as per their requirement. We have informed law enforcement agencies about the claims of the website and will follow through to ensure strict action is taken.”

It is unclear if the website was pulled down by the creator or by law agencies owing to the breach. So far, no details have emerged about the owner of the domain, however, it is known to be hosted at GoDaddy. ALSO READ: 135 million Aadhaar numbers made public by four government portals: CIS report

With the commercial roll out of Jio services, the operator rose to immediate success owing to the affordable internet and calling plans that none of the incumbent operators have been able to match. Given the affordability, the userbase has grown by leaps and bounds. However, the latest data breach which puts to risk information such as the Aadhaar card details which is then also linked to bank accounts and credit cards. While there hasn’t been any report of the leaked details been misused, the potential mal-activity is imaginable.

Recently, Indian firms have been hit by ransomware WannaCry and Petya. Jio’s breach, which comes on the heels of the ransomeware attacks, has now alerted fellow operators as well. At the launch of the Project Next, Airtel India CEO Gopal Vittal said that data breach is a real threat and affects not only telcos but also banks and credit card companies.

  • Published Date: July 11, 2017 11:19 AM IST