A bug was found in India's third-largest mobile network Airtel that could endanger the personal data of its more than 300 million users. This technical flaw was found in the application program interface (API) of Airtel's mobile app. Through this, hackers could access customer information only through numbers.
This information included things like name, date of birth, email, address, subscription-related information, and IMEI number. However, this bug has now been fixed. Airtel spokesperson said, "Airtel's digital platform is highly secure. Customer privacy is very important to us and we make the best possible arrangements to ensure the security of our digital platform."
The bug was detected by independent security researcher Ehraj Ahmed. He had said that this flaw was revealed in just 15 minutes. Apart from the information mentioned above, the IMEI number of consumers could also be traced. The IMEI number is a unique number assigned to each mobile device.
How serious could it be?
According to the Telecom Regulatory Authority of India (TRAI) report, by the end of 2019, Airtel had around 32.5 million subscribers. Airtel is the third-largest customer in terms of customers after Vodafone-Idea (37 million 20 lakh) and Reliance Jio (35 crores 50 million). In October this year, a local search service called Just Dial detected a flaw in its API. This drawback could have affected 1.56 million users in India.
What does the law say?
There is no specific law for data security in India. However, on the lines of the General Data Protection Regulation (GDPR) of the European Union, the government prepared a draft private data protection law in 2018 known as the Personal Data Protection Bill. This proposed law prescribes rules for collecting, processing and storing data, with penalties and compensation. The Union Cabinet chaired by Prime Minister Narendra Modi has approved the Private Data Protection Bill on December 4.