Fears that telecom upstart Reliance Jio suffered a major data breach, compromising the personal data of over 100 million customers, have prompted calls for the country to adopt more robust laws to protect consumers. Jio has repeatedly denied any breach took place and said that names, telephone numbers and email addresses of Jio users on a website called “Magicapk” appeared to be “unauthentic.” The website was later shut down.
The company, part of conglomerate Reliance Industries Ltd , said on Monday that its subscriber data was safe and protected by the highest levels of security. However, Jio filed a complaint the same day alleging unlawful access to its systems, police have told Reuters. Jio did not respond to requests for comment.
In contrast to companies in the European Union, which has stringent data protection standards, companies in India do not have to disclose data breaches to clients, information security professionals said. “It raises questions of security and accountability,” said Pranesh Prakash, policy director at the Centre for Internet and Society (CIS), a research organisation. People complained on Twitter about personal information of Jio users being available on the Magicapk site. Several local news outlets said their checks had led them to believe a leak had occurred.
“A rule to report breaches exists, but it is unenforceable,” says Prakash. “It says you’re not liable if you’re following reasonable security practices. What ‘reasonable’ means is not defined.” Advocates of stronger laws in India say a data breach in countries with more stringent cyber…