Update: According to IANS, an initial police probe has found that there is no theft of data by a computer engineer from Rajasthan who was arrested in connection with the case. This should come as a sigh of relief to Jio customers.
Reliance Jio, which is looking into reports of a major leak of user data, had filed a police complaint alleging "unlawful access to its systems," a police officer involved in the investigation said on Wednesday.
The complaint is the telecom company's first official acknowledgement of a systems breach. Jio had so far denied media reports and user accounts of a leak.
The officer involved in the investigation said Jio filed the complaint on Monday in Navi Mumbai, where it is headquartered.
Also Read: This Website Has Leaked Details of Reliance Jio Users in India
Several local news sites reported late on Sunday that names, telephone numbers and email addresses of Jio users were visible on a site called 'Magicapk,' which was subsequently taken down.
Jio, headed by India's richest man Mukesh Ambani, rubbished the website's claims and said its subscriber data was safe and maintained with the highest security. It said that data on the 'Magicapk' website appeared to be "unauthentic."
However, we did some digging and cross-checked with some of our numbers which showed up with the right information on the website.
Experts say India has inadequate data protection laws that do not mandate companies or agencies to notify clients if their personal data has been breached. Advocates for stronger data protection laws say this results in data leaks often going unreported.
On Tuesday, Reuters reported that police in the western state of Rajasthan detained a man on suspicion of involvement in the breach, which cyber security analysts say could be the first large-scale leak from an Indian telecoms firm.
The officer involved in the matter declined to give further detail on the investigation, but said preliminary evidence indicated the widely-used "Aadhaar" numbers of Jio customers were not compromised in the leak.
The case was registered under Section 66 of the Information Technology Act, which deals with any unauthorised access to a computer network, and Section 379 of the Indian Penal Code, which deals with theft.
(We all love to express ourselves, but how often do we do it in our mother tongue? Here's your chance! This Independence Day, khul ke bol with BOL – Love your Bhasha. Sing, write, perform, spew poetry – whatever you like – in your mother tongue. Send us your BOL at bol@thequint.com or WhatsApp it to 9910181818.)
(At The Quint, we are answerable only to our audience. Play an active role in shaping our journalism by becoming a member. Because the truth is worth it.)