BSNL showcased negligent behaviour on Twitter by
sharing a customer's information publicly without regard for the consequences. The client wished to enquire where their recharge amount has disappeared, to which BSNL responded by posting his usage script on the platform.
Not only did this include his phone number and recharge amount, but the types of services and timestamps as well.
Source: RedditTransform talent with learning that worksCapability development is critical for businesses who want to push the envelope of innovation.Discover how business leaders are strategizing around building talent capabilities and empowering employee transformation.Know More BSNL has already been under pressure with regards to privacy after Baptiste Robert, with the alias
Elliot Alderson on Twitter, hacked into a multitude of BSNL websites. He apparently took advantage of a number of severe flaws in the company’s intranet to get complete details about
47,000 BSNL employees.
The tweet is no longer visible but that doesn’t take away from the callousness what the incident.
The BSNL story
Robert
shared that he had informed BSNL of their security issues and informed them that their subsidiary websites intranetuk.bsnl.co.in and intranethr.bsnl.co.in had been subject to ransomware. This oversight happened despite
Sai Krishna Kothapalli, informing BSNL about the same problem two years prior to Robert’s follow-up.
There were two more incidents where BSNL’s security was compromised, albeit not as severe. The first, where their real-time bandwidth monitoring system was available publicly and second, where directories of BSNL documents were accessible on the web for anyone to see.
Robert was able to get his hands on the names of all the employees by gaining access to BSNL’s intranet by using a malicious code. Through that, he was able to attain their personal information like cell phone numbers, dates of birth, salaries and compensation.
The state-owned telecommunications company issued a statement saying, “BSNL, being one of the largest Telecom Operators in India, is fully prepared to prevent any data loss related to its employees, customers or stakeholders.”
Lapse data protectionThis is not the only vulnerability in the network of publicly owned online portals in the country. Robert had also
informed the Bengaluru City Police, Telangana government as well as the Punjab Police about the gaps in their security.
A
report by the Indian Computer Emergency Response Team (CERT-In) shows that in 2017 alone, there were a whopping 53,081 cyber security incidents. The National Crime Record Bureau (NCRB) has reported that there have been a total of 12,317 cyber crime cases registered in 2016.
As of now, India doesn’t have any laws that explicitly address data protection or privacy. Even the Indian Constitution doesn’t unequivocally grant the “right to privacy.” The
Indian IT Act 2000 does cover civil and criminal penalties for disclosure and misuse of personal data, but has largely been
negligent in implementing their policies and maintaining a reasonable environment of security. This has resulted in criminals taking advantage of loopholes in the system.
BSNL isn’t aloneWith respect to mobile service provides, Reliance Jio and Bharti Airtel have also faced scrutiny for not being diligent about their security practices. Just last year, Jio was the victim of a data leak, where they first claimed that the information was
unsubstantiated and later filed a report with the authorities. Their findings exhibited that it was a case of ‘
unauthorised access’ rather than ‘theft’. Nonetheless, the leak contained information that was sensitive, such as Aadhar card numbers and PAN details, pertaining to Jio customers.
Source: lalluram.comAirtel, on the other hand, was opening Airtel Payments Bank accounts for their customers without their ‘informed consent’. After users conformed to Aadhar-based SIM verification, it was found that even their LPG subsidies were being directed into the Airtel bank without them having any idea about it. This
resulted in the Unique Identification Authority of India (UIDAI) suspending Airtel’s e-KYC license temporarily.
Today’s incidence is only a small part of the larger predicament faced by the Indian government. The MeitY had invited comments on its
white paper draft back till January 2018. The paper attempts to answer questions on privacy and data protection, but whether it is turned into law is yet to be seen.
Next Story
Saudi Arabia wants China to help fund its struggling $500 billion Neom megaproject. Investors may not be too excited.
I spent $2,000 for 7 nights in a 179-square-foot room on one of the world's largest cruise ships. Take a look inside my cabin.
One of the world's only 5-star airlines seems to be considering asking business-class passengers to bring their own cutlery
Experts warn of rising temperatures in Bengaluru as Phase 2 of Lok Sabha elections draws near
Axis Bank posts net profit of ₹7,129 cr in March quarter
7 Best tourist places to visit in Rishikesh in 2024
From underdog to Bill Gates-sponsored superfood: Have millets finally managed to make a comeback?
7 Things to do on your next trip to Rishikesh
