This could be the biggest data breach in India. The data is supposedly leaked on a website called magicapk. The leaked details include sensitive user information such as- Name, Jio number, the region from where the sim has been activated, email id and even Aadhar number has been exposed. Magicapk showed the user information in detail however, the website was sluggish claims user who tried to access information.
The account of magicapk has been suspended. Jio has finally made a police complaint for unlawful access to its system, which is the first acknowledgement of the massive breach. Earlier the telco denied any breach but it looks like the breach did occur. Jio has also claimed that all the necessary security measures have been taken. The extent of the breach is unknown. Jio has more than 100 million users on its network we are potentially looking at a massive data breach which is a grave concern to user privacy.
Although the company claims that no major data has been breached and on preliminary examinations it looks like the data for early adopters of Jio has surfaced instead of the entire database. This does not deny the seriousness of the fact that user data is at risk with increased number of cyber-attacks in the last one year.
Police has detained a person in western state of Rajasthan on suspicion of involvement in the breach. However, the police officer has said that preliminary examinations suggest that no major data has been leaked. The person in context was apparently selling the data online claiming it to be from the original source.
We saw two major cyber-attacks in last 3 months with major port shutting down (JNPT) as well as ransomware attacks which lead to affecting multiple government bodies across country.
Clearly the situation calls for companies to be extremely cautious of data security, use stringent protocols and access rights to sensitive information. There is also a need to upgrade and update security measure around the clock. The situation also calls for stringent data protection laws which are missing in India. There is no mandate for companies to inform its client if such a breach occurs.
Logix Infosecurity deploys best-in class measures to keep your cyber security strong and data safe. DLP measures as well as security layers against the ransomware attacks are necessary to avoid embarrassing situation like the one at Reliance Jio.