The vulnerability exposed post-paid customers’ call data records, comprising the time when a call was made, duration of call, location from which the call was made, customer’s full name and address, SMS details comprising contact number to which it was sent, among others
Call data records of around 20 million post-paid customers have been exposed by multiple vulnerabilities in the system of telecom operator Vodafone Idea, said cyber security research firm CyberX9 in a report.
However, Vodafone Idea (Vi), said there was no breach of data records and potential vulnerability in its billing communication was immediately fixed after it learned about it.
The vulnerability exposed post-paid customers’ call data records, comprising the time when a call was made, duration of call, location from which the call was made, customer’s full name and address, SMS details comprising contact number to which it was sent, among others, according to CyberX9 report.
With Vodafone Idea, the firm had shared entire findings through email and a company official had acknowledged the vulnerability on 24 August, said Himanshu Pathak founder and managing director of CyberX9.
CyberX9 reported details to Vi on August, Pathak said.
“Later on 22 August 2022, Vi confirmed the receipt of our report. Vodafone Idea acknowledged the vulnerabilities discovered and reported by us on 24 August 2022,” Pathak said.
Vodafone Idea said, “There is no data breach as alleged in the report. The report is false and malicious. Vi has a robust IT security framework to keep our customer data safe.”
“We regularly conduct checks and audits to further strengthen our security framework. We learnt about a potential vulnerability in billing communication. This was immediately fixed and a thorough forensic analysis was conducted to ascertain no data breach,” it said.
The company further said, adding, “Vi customer data remains fully safe and secure,” it has notified about the potential vulnerability to appropriate agencies and made due disclosures.
Do Follow: CIO News LinkedIn Account | CIO News Facebook | CIO News Youtube | CIO News Twitter
About us:
CIO News, a proprietary of Mercadeo, produces award-winning content and resources for IT leaders across any industry through print articles and recorded video interviews on topics in the technology sector such as Digital Transformation, Artificial Intelligence (AI), Machine Learning (ML), Cloud, Robotics, Cyber-security, Data, Analytics, SOC, SASE, among other technology topics