|
India's Reliance Jio
files complaint over unlawful system access: police
Send a link to a friend
 [July 12, 2017]
By Rajendra Jadhav and Rahul Bhatia
MUMBAI (Reuters) - India's Reliance Jio
Infocomm Ltd [RELIB.UL], which is looking into reports of a major leak
of user data, has filed a police complaint alleging "unlawful access to
its systems," a police officer involved in the investigation said on
Wednesday.
The complaint is the telecom company's first official acknowledgement of
a systems breach. Jio has so far denied media reports and user accounts
of a leak.
The officer involved in the investigation said Jio filed the complaint
on Monday in Navi Mumbai, where it is headquartered.
Jio, part of conglomerate Reliance Industries Ltd <RELI.NS>, did not
respond to a Reuters request for comment on Wednesday.
Several local news sites reported late on Sunday that names, telephone
numbers and email addresses of Jio users were visible on a site called 'Magicapk,'
which was subsequently taken down.
Jio, headed by India's richest man Mukesh Ambani, rubbished the
website's claims and said its subscriber data was safe and maintained
with the highest security. It said that data on the 'Magicapk' website
appeared to be "unauthentic."
Many local news outlets such as Indian Express and MediaNama however,
contradicted these claims. They reported being able to cross reference
and confirm the veracity of the data on numerous Jio customers known to
them.
Experts say India has inadequate data protection laws that do not
mandate companies or agencies to notify clients if their personal data
has been breached. Advocates for stronger data protection laws say this
results in data leaks often going unreported.
"There is a clear stigma attached to being hacked, or data being
stolen," said Akash Mahajan, a web security consultant in Bengaluru,
adding this is why companies in India often do not admit to data
breaches.
[to top of second column]
 |
Commuters are reflected on an advertisement of Reliance Industries'
Jio telecoms unit, at a bus stop in Mumbai, India, February 21,
2017. REUTERS/Shailesh Andrade
AADHAAR APPEARS SAFE
On Tuesday, Reuters reported that police in the western state of Rajasthan
detained a man on suspicion of involvement in the breach, which cyber security
analysts say could be the first large-scale leak from an Indian telecoms firm.
The officer involved in the matter declined to give further detail on the
investigation, but said preliminary evidence indicated the widely-used "Aadhaar"
numbers of Jio customers were not compromised in the leak.
Jio, which launched last September, already boasts over 100 million subscribers
after drawing in users with months of free service and now cut-price deals. It
is not clear whether data on all 100 million plus customers was compromised.
Many users registered for Jio using their 12-digit Unique Identification
Authority of India (UIDAI) number, commonly known as the Aadhaar number.
The government is pushing for Aadhaar numbers to be used in everything from
opening a bank account to filing tax returns. The number, which works in a
similar way to U.S. Social Security numbers, is unique to each Indian citizen
and stores users' biometric data in a centralized database.
The case was registered under Section 66 of the Information Technology Act,
which deals with any unauthorized access to a computer network, and Section 379
of the Indian Penal Code, which deals with theft.
(Reporting by Rajendra Jadhav and Rahul Bhatia; Additional reporting by Sankalp
Phartiyal; Writing by Euan Rocha; Editing by Christopher Cushing and Mark
Potter)
[© 2017 Thomson Reuters. All rights
reserved.] Copyright 2017 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed. |
