What Happened
In 2024, Bharat Sanchar Nigam Limited (BSNL), India’s government-owned telecom provider, suffered a significant data breach reported by CERT-In on May 20, when threat actor “kiberphant0m” (later linked to US Army soldier Cameron John Wagenius, arrested in December 2024) leaked approximately 278 GB of sensitive data on BreachForums, including international Mobile Subscriber Identity (IMSI) numbers, SIM card details, Home Location Register (HLR) data, security keys, call logs (from May 2024 and 2020), and SOLARIS server snapshots, which could enable SIM cloning and network intrusions; the actor offered it for sale at $5,000. India’s Minister of State for Communications confirmed on July 24 that an FTP server held matching sample data but no HLR breach occurred, avoiding service outages, prompting BSNL to change FTP passwords and the government to form an inter-ministerial committee for telecom audits. This marked BSNL’s second breach in six months, highlighting telecom vulnerabilities amid its use for government communications.
