After a customer complained about his recharge amount on twitter, BSNL India responded by pasting his usage information on the public platform. The screenshot included his phone number and recharge amounts with timestamps.
Recently, they’ve already been under fire after Elliot Alderson, a cybersecurity engineer and vigilante hacker, claimed to have hacked various BSNL websites to obtain data about its employees. BSNL did respond saying that the websites that were hacked didn’t have any data that was specific to its customers. The PSU issued a statement saying that, “BSNL, being one of the largest Telecom Operators in India, is fully prepared to prevent any data loss related to its employees, customers or stakeholders.”
Just last year, Reliance Jio faced data leak where the authorities claimed that it was a case of ‘unauthorised access’ rather than ‘theft’. The data contained sensitive information about a lot of the customers including Aadhar card details and PAN numbers.
The year before that, Airtel was in the spotlight for being suspended by the Unique Identification Authority of India (UIDAI) for using Aadhar-based SIM verification to open Airtel Payments Bank accounts for its customers without their ‘informed consent’. Even LPG subsidies provided by the Government were being transferred into these accounts without the customers having any idea.
It is said that the issue is that India doesn’t have strong privacy laws that can be enforced to hold telecom companies accountable for data that has been leaked or stolen.