The personal data of 301 million Vodafone Idea customers have been exposed over a two-year period, claims cybersecurity firm CyberX9 in a report released on Sunday. Vodafone Idea denied the findings, according to the Economic Times, describing the report as 'false and malicious' while defending the company's regularly audited 'robust IT security framework'. The data exposed includes personal data and call logs of all of Vodafone Idea's 20.6 million postpaid subscribers. Other data exposed includes SMS records, residential addresses, phone numbers users spoke with, detailed call records, residential addresses, credit limits, and plan, Internet usage, and billing details, Why it matters: CyberX9 claims the exposure stems from 'easy to discover' vulnerabilities in Vodafone India's systems and that the data may have been stolen by malicious hackers. 'All of these discovered vulnerabilities were possible to be used for large scale automated exfiltration of sensitive and confidential user data without any restrictions by Vodafone Idea’s systems,' the report claims. This data loss could result in 'identity theft, extortion, threats, [and] national security threats.' CyberX9 reportedly shared the report's 16 pages of findings with the telco's 'executive team' including its CEO on August 22nd. The company acknowledged the weakness on August 24th, reports Economic Times, the same day CyberX9 escalated the issue with CERT-In and the National Critical Information Infrastructure Protection Centre (NCIIPC). On August 25th, CyberX9 confirmed that the system weaknesses were 'no longer exploitable'. Acknowledging a 'potential vulnerability in billing communication', Vodafone Idea reiterated in a statement to Economic Times that 'this was immediately…
