A cybersecurity team reported on Sunday that telco giant Vodafone Idea (Vi) had exposed customer’s sensitive and confidential personal data including call logs of nearly 301 million customers to the whole internet. The telco has said that the report is false and refuted the claim of data breach.
CyberX9’s report has revealed that Vi had several critical security vulnerabilities that put at risk sensitive data of 301 million customers. This also included data of all (~20 million) postpaid Vi customers. The cybersecurity team said that one of the vulnerabilities in question was open for about two years.
Vi has rebutted by saying that the report is false and malicious in nature.
The report from the cybersecurity research team says that Vi had only fixed the vulnerabilities in its system after being notified.
“Vodafone Idea had put millions of its customers data (call logs, etc.) at absolute risk and absolutely damaged their privacy of private lives due to Vodafone Idea’s carelessness towards security of customer data,” said the CyberX9 report.
The potential of exploitation of the vulnerabilities is high as they remained open to attacks for approximately two years.
Vi has although maintained that its customer data is safe and secure.
The news of a data compromise could further affect the company as it continues to loses subscribers this year.
Vi lost nearly 7 million subscribers by May this year. As of June 30, Vi had 22.37 per cent of the telco industry, losing 0.7 per cent of its subscribers in June (according to TRAI data).