Irancell data leak raises security questions

A limitless cyberspace, zero boundaries and eroding national borders is just the beginning of cyber threats, according to a cyber-security expert in Iran.

Due to the unrelenting expansion of Iran’s Internet usage and the dramatic rise in the number of web users, both mobile and ADSL-based, officials have kept a keen eye on cyber-security in the country.

Following reports concerning the online leakage of personal data of nearly 20 million subscribers of Iran’s second largest mobile operator, MTN-Irancell and the turmoil caused by the news, the Cyber Police and Communications Regulatory Authority implemented several measures to avoid a recurrence of such an event.

An unnamed CRA spokesperson said of the measures “subscribers’ personal data must be kept confidential and disclosure of this information is a breach of law. Even in the contract signed among subscribers and operators, this legal obligation is clearly stated.”

The information on MTN-Irancell’s subscribers was leaked through a robot—known as MTN Pro Bot—on the social media application Telegram, Mehr News Agency reported at the time.  Using an Irancell phone number—specifically numbers with the digits 0939, 0938, 0937, 0936 and 0935 at the beginning—the robot would make available the subscribers’ personal information, including their full name, national ID number, address, postal code and landline number.

CRA’s Public Relations Office announced, “If mobile operators disclose personal data of subscribers, the legal breach can be reported by filing a complaint on

“Whether done deliberately or not, such actions are considered legal transgression.”
Mohammad Talebi, Mobile Telecommunications Company of Iran’s director for security, said “With the assistance of Iranian specialists, we should mobilize national resources to localize the technologies essential for securing our national information network.”

When cyber incidents occur, the Cyber Police provides assistance to potentially impacted entities, analyzes the potential impact across critical infrastructure, investigates those responsible in conjunction with law enforcement partners and coordinates the national response to significant cyber incidents.

Irancell’s Legal Response

An official statement from the mobile phone operator said, “Irancell has never disclosed the personal data of subscribers and as always is committed to its legal obligations to ensure the confidentiality of subscribers’ data.”

In the same statement, without naming any companies, Irancell accused its rivals for the turmoil caused by the news.

“Fortunately, such low tactics will not affect Irancell and its dedication to providing cutting edge services to its customers. As the dominant mobile service provider in the country, Irancell will pursue its goal, which is to provide the best possible services.”

On July 3, Telecoms Minister Mahmoud Vaezi told parliamentarians, “Two years ago, following a request by one of the nation’s intelligence agencies, Irancell handed subscribers’ data to the official body. One of the agents who had access to the data sold it to a third party. Immediately, the culprit was identified and arrested by law enforcement agents.”

Vaezi emphasized that the recent data leakage does not include anything more than old data.

By Financial Tribune