A cybercriminal has claimed to have compromised the network of Route Mobile, one of the leading Cloud communication platform service providers based in Mumbai, allegedly accessing internal data of Tata Communications and selling them on Telegram for $5,000. However, both Route Mobile and Tata Communications denied the claims on Tuesday.
According to independent security researcher Rajshekhar Rajaharia, the seller is claiming to have 16GB compressed files, including over 10 million rows of data.
"For selling the data, the hacker has created a Telegram group. On the Dark Web forum, he claims to have Tata Communications' data. But on Telegram, he claimed that the source was Route Mobile," Rajaharia told IANS on Tuesday.
"The hacker claims that Route Mobile is the private technical team of Tata Communications, and this team has full access to the internal network," said the cyber security researcher, while sharing the screenshots of data dump.
In a reply to IANS, Route Mobile said that unverified posts and claims are being circulated about an alleged data breach at the company.
"Our cyber security team is aware of these alleged claims and are currently investigating the same. As of today, we can confirm that Route Mobile's systems are secure and there is no evidence to suggest that this has any impact on Route Mobile customers' personal data," the company said.
"As we take all data security claims seriously, we have engaged a third-party cyber security consultant to independently verify and audit our findings," Route Mobile added.
Meanwhile, Tata Communications said that security of its customers is of paramount importance.
"Our global information security team has investigated the matter. We believe there is no consequence, neither for Tata Communications nor for any of our customers. We have already issued legal notices to the concerned parties. We reiterate our commitment to ensure the safety of our customers' data," the company said in a statement.
The hacker claims to have data involving mobile numbers, HR log, customer documents, short message peer-to-peer (SMPP) log, SMS logs and employee details, etc.
According to Rajaharia, the hacker first claimed $18,000 for the data dump, but he is currently asking for $5,000. There have been a string of hacking incidents involving Indian firms in the recent past, including Bigbasket, BuyUcoin, JusPay, Upstox and others.