A report by cybersecurity research firm CyberX9 said multiple vulnerabilities in Vodafone Idea’s (Vi) system revealed the call data records of 20.6 million subscribed customers of the telecommunications giant’s postpaid services. . The report says the vulnerabilities exposed call data records, including the time a call was made, call duration, call location, full name and address of the customer and the details of the SMS including the contact number to which it was sent.
Exposed call data records also compromised these postpaid customers’ personal data, internet usage and roaming details, the report adds.
Speaking to news agency PTI, CyberX9 founder and chief executive Himanshu Pathak said on Sunday that the company had shared its full findings with Vodafone Idea via email.
“Later on August 22, Vi confirmed receipt of our report. Vodafone Idea acknowledged the vulnerabilities discovered and reported by us on August 24,” Pathak said.
Vodafone Idea, meanwhile, had denied the claim that the call data of 20 million postpaid customers had been exposed.
“There is no data breach as alleged in the report. The report is false and malicious. Vi has a robust IT security framework to protect our customers’ data,” the telecommunications giant told PTI.
Vodafone Idea added that it regularly performs checks and audits to further strengthen its security framework.
“We discovered a potential vulnerability in the billing communication. This was immediately remedied and a thorough forensic analysis was conducted to verify that there was no data breach,” the giant further said. telecommunications at PTI.
Vodafone Idea also said it notified the potential vulnerability to the appropriate agencies and made proper disclosure.
“Vi’s customer data remains completely safe and secure,” Vi added. It also disclosed the vulnerability on its website.
PTI further reported that CyberX9 disputed the above claim and said Vodafone Idea has been exposing call logs and other sensitive data of millions of customers for at least two years.
“It is an absurd and baseless assertion by Vi that they performed a forensic audit and no violations were found. Such a detailed forensic audit would take at least a few months to complete,” said declared CyberX9.
The company also claimed that the personal data of 55 million people, including those who left Vodafone Idea and those who only expressed an interest in getting a Vi login, was at risk.
(With PTI inputs)