According to Reuters, the telecom company has suffered a major data breach, compromising the personal data of over 100 million customers. Nevertheless, it has repeatedly denied any breach took place and said that names, telephone numbers and email addresses of Jio users on a website called “Magicapk” appeared to be “unauthentic”. Still, the website was later shut down, the online publication continues.
Companies in India do not have to disclose data breaches to clients, in contrast to companies in the European Union, which has stringent data protection standards, information security professionals said for Reuters.
The policy director at the Centre for Internet and Society (CIS), a research organization, said for Reuters that India has a law that demands companies to report breaches, but it is unenforceable. It says a company is not liable if it is following reasonable security practices. What “reasonable” means is not defined.
Since 2012, India, home to the back offices of many large multinationals and outsourcing companies, has unsuccessfully sought “data-secure” status from the European Union.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now