Reliance Jio acknowledges systems breach in police complaint

Reliance Jio, which is looking into reports of a major leak of user data, has filed a police complaint alleging "unlawful access to its systems," a police officer involved in the investigation said. The complaint is the telecom company's first official acknowledgement of a breach.

By: Reuters | Mumbai | Published:July 13, 2017 10:30 am
Reliance Jio, Jio data breach, Reliance Jio data leaked, Jio data leaked online, Jio Data magicapk, Jio data stolen, Reliance Jio data theft, Jio data hacked, Jio hacked Reliance Jio, which is looking into reports of a major leak of user data, has filed a police complaint alleging “unlawful access to its systems.” (Representational Image)

India’s Reliance Jio Infocomm Ltd, which is looking into reports of a major leak of user data, has filed a police complaint alleging “unlawful access to its systems,” a police officer involved in the investigation said on Wednesday. The complaint is the telecom company’s first official acknowledgement of a systems breach. Jio has so far denied media reports and user accounts of a leak.

The officer involved in the investigation said Jio filed the complaint on Monday in Navi Mumbai, where it is headquartered. Jio, part of conglomerate Reliance Industries Ltd, did not respond to a Reuters request for comment on Wednesday.

Several local news sites reported late on Sunday that names, telephone numbers and email addresses of Jio users were visible on a site called ‘Magicapk,’ which was subsequently taken down. Jio, headed by India’s richest man Mukesh Ambani, rubbished the website’s claims and said its subscriber data was safe and maintained with the highest security. It said that data on the ‘Magicapk’ website appeared to be “unauthentic.”

Many local news outlets such as Indian Express and MediaNama however, contradicted these claims. They reported being able to cross reference and confirm the veracity of the data on numerous Jio customers known to them.

Experts say India has inadequate data protection laws that do not mandate companies or agencies to notify clients if their personal data has been breached. Advocates for stronger data protection laws say this results in data leaks often going unreported.

“There is a clear stigma attached to being hacked, or data being stolen,” said Akash Mahajan, a web security consultant in Bengaluru, adding this is why companies in India often do not admit to data breaches.

AADHAAR APPEARS SAFE

On Tuesday, Reuters reported that police in the western state of Rajasthan detained a man on suspicion of involvement in the breach, which cyber security analysts say could be the first large-scale leak from an Indian telecoms firm.

The officer involved in the matter declined to give further detail on the investigation, but said preliminary evidence indicated the widely-used “Aadhaar” numbers of Jio customers were not compromised in the leak.

Jio, which launched last September, already boasts over 100 million subscribers after drawing in users with months of free service and now cut-price deals. It is not clear whether data on all 100 million plus customers was compromised. Many users registered for Jio using their 12-digit Unique Identification Authority of India (UIDAI) number, commonly known as the Aadhaar number.

The government is pushing for Aadhaar numbers to be used in everything from opening a bank account to filing tax returns. The number, which works in a similar way to US Social Security numbers, is unique to each Indian citizen and stores users’ biometric data in a centralised database.

The case was registered under Section 66 of the Information Technology Act, which deals with any unauthorized access to a computer network, and Section 379 of the Indian Penal Code, which deals with theft.

For all the latest Technology News, download Indian Express App

  1. #
    #AADHAARFAIL
    Jul 14, 2017 at 11:30 am
    When your fingerprint gets stolen, printed and used for aadhaar pay, cloning SIM and changing bank password using OTP, your aadhaar devotion will come out from other end. Jai Hind. 1. 25 lakh families in Rajasthan are unable to withdraw ration even after seeding #AADHAARFAIL with their ration card. 2. #AADHAAR authentication does not work for half billion Indians. 3. AADHAAR authentication does not work even after updating bio-metrics and waiting for 90 days 4. AADHAAR bio-metrics can be stolen, printed and used for #AADHAAR pay 5. #AADHAAR does not work for NRIs, people outside India 6. AADHAR can not be generated if a person's fingerprint matches with someone else's with 60 percentage probability. 7. Rogue government can deactivate your #AADHAAR blocking ur gas, electricity, mobile, bank account 8. AADHAAR works for millions of illegals staying in India 9. AADHAAR is blocking subsidies for millions of legitimate people 10. Take 10 lakh insurance for each #AADHAAR failure case/delete
    Reply