NIXI calls massive data breach hitting 6,000 enterprises as bluff; says no threat to info

After reports of a massive data breach made headlines yesterday, National Interner Exchange of India (NIXI) has reassured enterprises associated with it that their data is still in safe hands. In a statement released earlier today, NIXI assured its affiliates - the enterprises and organisations which were reported to be at risk - that both the system as well as their data are still safe.

"It has come to our knowledge that a business organization dealing with enterprise security solution has sent information to various news agencies that it has found that an advertisement was given on DarkNet announcing secret access to data bases of over 6000 business and ISPs, government and private organization and the said actor is attempting to sell this database of Indian Registry for Internet Names and Numbers (IRINN). The claim by the actor of Dark Net is audacious and far from truth," NIXI quipped in the statement.

NIXI is a national-level non-profit organisation which acts as a neutral interface of internet service providers across India. It was established in 2003 with the motive of routing domestic internet traffic without taking it abroad. This was done to save foreign exchange and improve quality of internet services in India.

"NIXI hereby clarifies that there has been no serious security breach of its IRINN system, as it has a robust security protocol in place. The hacker has no capacity to cause any damage or initiate distributed denial of service to any entity who has been allocated internet resources through IRINN System. There was an attempt to penetrate the system and hacker was able to collect some basic profile information of the contact persons of some of the affiliates which was displayed by him on the DarkNet," the internet exchange platform said in a statement.

NIXI claimed that its security protocol is adequately capable of fending off such attacks. Moreover, security protocol has been further strengthened and review of existing infrastructure has also been initiated on the back of the recent attack.

Meanwhile, UIDAI, one of the government organisations said to be under threat following the cyber attack, clarified its databases or central repository have not been breached, nor are its activities are threatened to stop in any way.

"The supposed incident related to the claimed breach of information from IRINN does not contain any confidential data of UIDAI and has not affected any services provided by the authority," the Unique Identification Authority of India (UIDAI) said in a statement.

The Aadhaar-issuing agency asserted that there has been no security breach of either its database or Central Identities Data Repository (CIDR).

Seqrite, the enterprise arm of IT security firm Quick Heal, had reportedly encountered an advertisement on dark net claiming to have access to information from more than 6,000 Indian businesses including government organisations, internet service providers, banks and enterprises. It claimed that unidentified hackers have gained access to this data after a cyber attack on IRINN. Unique Identification Authority of India (UIDAI), Defence Research and Development Organisation (DRDO), Indian Space Research Organisation (ISRO), Reserve Bank of India (RBI), Employees' Provident Fund Organisation (EPFO), State Bank of India (SBI), Bharat Sanchar Nigam Limited (BSNL), Bombay Stock Exchange (BSE), Idea Telecom, Flipkart, Aircel, TCS, and ICICI Prudential Mutual Fund were among the private and government organisations which were said to be faced with the threat of their crucial data reaching the hands of third party players.