Call data of 20 million Vodafone Idea customers exposed, claims report; firm denies
The report by cyber security research firm CyberX9 said that multiple vulnerabilities in the system of Vodafone Idea (Vi) exposed the call data records, comprising the time when a call was made, the call's duration, the call's location, the customer's full name and address, and SMS details comprising the contact number to which it was sent.
A report by cyber security research firm CyberX9 has said multiple vulnerabilities in the system of Vodafone Idea (Vi) exposed the call data records of 20.6 million customers subscribed to the telecom giant's postpaid services. The report said vulnerabilities exposed the call data records, comprising the time when a call was made, the call's duration, the call's location, the customer's full name and address, and SMS details comprising the contact number to which it was sent.
The call data records exposed also compromised the personal data of such postpaid customers, their internet usage and roaming details, the report added.
Speaking to news agency PTI, CyberX9's founder and managing director Himanshu Pathak said on Sunday the firm shared its entire findings with Vodafone Idea via email.
"Later on August 22, Vi confirmed the receipt of our report. Vodafone Idea acknowledged the vulnerabilities discovered and reported by us on August 24," Pathak said.
Vodafone Idea, meanwhile, had denied the claim of the call data of 20 million postpaid customers being exposed.
"There is no data breach as alleged in the report. The report is false and malicious. Vi has a robust IT security framework to keep our customer data safe," the telecom giant told PTI.
Vodafone Idea added it regularly carried out checks and audits to further strengthen its security framework.
“We learnt about a potential vulnerability in billing communication. This was immediately fixed and a thorough forensic analysis was conducted to ascertain no data breach,” the telecom giant further told PTI.
Vodafone Idea also said it notified the potential vulnerability to appropriate agencies and made due disclosure.
"Vi customer data remains fully safe and secure," Vi added. It also disclosed the vulnerability on its website.
PTI further reported that CyberX9 contested the above claim and said that Vodafone Idea was exposing call logs and other sensitive data of millions of customers for at least the last two years.
"It is an absurd and baseless claim of Vi that they've done a forensic audit and no breach was found. Such a detailed forensic audit would at least take a couple of months to be done," CyberX9 said.
The firm also claimed that the personal data of 55 million people, including those who have left Vodafone Idea and those who only showed interest in getting a Vi connection, was at risk.
(With PTI inputs)