ISLAMABAD: Telecommunication companies have denied allegations that sensitive information belonging to telecom subscribers has been leaked and is available on the internet.
The denial comes after news had been circulating for the past few days, regarding an alleged breach of Telenor’s and Jazz’s database.
According to screenshots posted by some Twitter accounts, the leaked information includes names, mobile numbers, CNIC numbers, and addresses of telecom subscribers.
Telenor & Jazz database hacked!
For sale @ 250$ only.
Contain information of all users, CNIC, biometric and addresses.
— Economy of Pakistan (@Pakistanomy) January 15, 2022
The Twitter accounts have also alleged that the data is being sold on Telegram in exchange of crypto currencies equivalent to $250.
Telenor private database is on sale by a hacker for Bitcoin/ Tether/ Ethereum equivalent to USD 250.
Contains 11 files in .accdb (Access Database) format containing 67.48 million records with columns titled 'Number', 'Name', 'CNIC' and 'Address'.
Total size: 14.3 GB. pic.twitter.com/GAZcmA6tX9
— Zaki Khalid (@misterzedpk) January 15, 2022
Telenor Head of Communications Saad Mustafa, while talking to Profit categorically denied the allegations and said: “Some elements on social media are alleging that customer information of more than one Pakistani mobile operator has been compromised and is available on the web. Based on our initial internal investigations we can confirm that no customer data breach has transpired from any of Telenor Pakistan’s system(s). We will continue to further investigate this matter.”
“Telenor Pakistan strongly believes in customer data privacy and takes all matters related to cyber security very seriously. We have in place advanced and comprehensive cyber security systems and procedures to detect and fend off cyber threats and take necessary protective measures. Our paramount priority is to keep our customer data secure.”
Jazz also tweeted: “Jazz continues to develop advanced cyber security capabilities to actively protect its networks, products and customer data. There have been no reports of any unwanted activity on our network or breach of subscribers’ data.”
Jazz continues to develop advanced cyber security capabilities to actively protect its networks, products and customer data. There have been no reports of any unwanted activity on our network or breach of subscribers' data. (1/2)
— Jazz (@jazzpk) January 15, 2022
“Protection of our customers’ data in compliance with relevant authorities & legal frameworks remains our key priority. Alleged claims of data leak on social media, although seem baseless, will still be investigated in line with the importance Jazz attaches to data security.”
However, an analyst who works at Jazz, while talking on the condition of anonymity, conceded to the possibility of a data breach. “There is a possibility of data breaches occurring during system migration and upgradation activities,” he said. It is to be noted that during November 2021, Jazz did upgrade its legacy system to a digital one.
On the other hand, Rafay Baloch, a cyber security researcher, while talking to Profit denied the possibility of any recent data breach. “As per my analysis of the posts on the underground forum, there is no evidence to support the claim of any recent breach of telco subscriber data as highlighted in the post,” he said.
Incidents of data breaches have been a recurring event over the past few years. In 2020, Rewterz, a cyber security firm in Pakistan, discovered a data dump of 115 million Pakistani mobile users that was being sold on the dark web.
These datasets contain sensitive personal information like CNIC numbers, addresses, phone numbers, biometric details etc. which can be used for online identity theft, phishing, financial crimes and other criminal activities like blackmailing.
However, while the matter is of critical importance, The Ministry of Information Technology and Telecommunication (MOITT) has been unable to get the Personal Data Protection bill approved by the assembly as of yet.