Personal data of 30 crore Vodafone Idea users leaked? Here's what the company said

Vi acknowledged a flaw in its billing communication system, though it fixed the issue "immediately". But the company denies allegations of a data breach.

Vi (formerly Vodafone Idea) has responded to a claim that a bug in its system caused a data breach. According to a cyber security research team, CyberX9's multiple critical security vulnerabilities "exposed customer's sensitive and confidential personal data including call logs of nearly 301 million (30.1 crores) customers to the whole internet". This allegedly includes data of 20 million postpaid Vi customers.

Livemint reports that Vi acknowledged a flaw in its billing communication system, though it fixed the issue "immediately". The report adds that Vi conducted a "thorough forensic analysis", which revealed there "was no data breach".

Vi also went a step ahead and called the research team's claims "false and malicious". In its defence, the telco said that it performs "regular checks" and audits are conducted to strengthen the security infrastructure.

In a blog post, CyberX9 said:

--Vi put millions of its customers' data (call logs, call duration, location from where the call was made, and phone number) at absolute risk and "damaged" their privacy of lives. The blog even calls the company careless "towards the security of customer data."

--It adds, "Exploitation of these vulnerabilities was very easily possible on a large scale by a malicious attacker".

--The report highlights that Vi left one of the main discovered vulnerabilities open for cyber attacks for the last two years.