India's Reliance Jio Denies Data Breach, Says User Data Safe, Investigations On

MUMBAI (NewsRise) — Indian telecom operator Reliance Jio Monday downplayed reports of a data breach and reassured subscribers about the safety of sensitive personal information after anxious users took to Twitter to point out that many details had been exposed on a website called "magicapk."

Newcomer Jio already has more than 112 million subscribers. If the data breach is established, it could be one of the first instances affecting a local mobile service provider in recent times, said Sunil Abraham, the executive director for Center for Internet and Society. The incident could also hurt Jio, which is in the midst of an aggressive plan to increase its market share by slashing tariffs, hurting profits across the industry.

"We have come across the unverified and unsubstantiated claims of the website (magicapk) and are investigating it. Prima facie, the data appears to be unauthentic," Jio said in a statement. "We have informed law enforcement agencies about the claims of the website and will follow through to ensure strict action is taken," the statement added.

According to media reports, the incident came to light Sunday evening when magicapk surfaced on many Indian social media channels asking Jio users to input their mobile phone numbers on its site and view details. Multiple Twitter users in India then confirmed that they could see sensitive personal data, including their name, mobile number, email address and their unique identity number called Aadhaar when they did so.

The 12-digit Aadhaar number, similar to the Social Security number in the U.S., is assigned to Indian residents and is backed by iris and fingerprint scans that allow user credentials to be verified. Jio was one of the first Indian mobile phone companies to sell SIM cards using Aadhaar as the main proof for customer verification.

According to reports, magicapk had crashed by late Sunday evening. There are no details on who owned magicapk and a message on the site says the account has been suspended.

"We want to assure our subscribers that their data is safe and maintained with the highest security. Data is only shared with authorities as per their requirement," Jio said in the statement.

At present, there is no policy that requires entities in India to keep consumers informed of breaches. A national cyber-security policy created in 2013 is yet to be implemented. The new policy proposes creating a national body to deal with all cyber security related matters.

India's vulnerability to cyberattacks is increasing as more people access the web and more data is stored online.

In May, food ordering site Zomato.com said it was hit by a security breach and over 17 million user records were stolen from its database.

After a massive breach of data related to debit cards belonging to several banks such as State Bank of India, HDFC Bank, and ICICI Bank that compromised as many as 3.21 million cards in October, the Reserve Bank of India proposed creating a panel on cyber security to examine various threats and suggest measures to deal with them.