ABSTRACT
The research paper examines the incidences of telecom data breaches, and regulatory measures that have been taken in the chosen countries of Asia, Europe, North America, Africa, and especially in Indian telecom sector. As the world moves at a fast pace towards digitalization, higher mobile penetration and high use of online services, telecom operators deal with huge amounts of personal data, and data breaches are becoming a major challenge to regulators across the globe.
The study applies a comparative qualitative approach to the investigation of the response to cybersecurity incidents by different jurisdictions using documented breach incidents and publicly reported regulatory actions. The results indicate a significant difference between regulators in Europe and North America, who tend to impose huge financial fines after big data breaches and those in India who have been mostly using advisories, notices and compliance audits with small financial fines.
The paper presents a point where variations in legislations, regulatory ability, and level of data protection systems affect enforcement strategies. The Digital Personal Data Protection Act, 2023, introduced in India, provides an opportunity to strengthen the country's telecom data protection framework and align it with international standards.
REFERENCES
Acquisti, A., Taylor, C. R., & Wagman, L. (2016). The economics of privacy. Journal of Economic Literature, 54(2), 442–492. https://doi.org/10.1257/jel.54.2.442
Anderson, R., Barton, C., Böhme, R., Clayton, R., van Eeten, M. J. G., Levi, M., Moore, T., & Savage, S. (2013). Measuring the cost of cybercrime. In R. Böhme (Ed.), The economics of information security and privacy (pp. 265–300). Springer. https://doi.org/10.1007/978-3-642-39498-0_12
Becker, G. S. (1968). Crime and punishment: An economic approach. Journal of Political Economy, 76(2), 169–217. https://doi.org/10.1086/259394
(2024). BharatNet Project. Retrieved December 20, 2025, from https://usof.gov.in/en/bharatnet-project
Böhme, R., & Moore, T. (2012). The economics of information security investment. Journal of Information Security, 3(2), 75–83. https://doi.org/10.4236/jis.2012.32010
Böhme, R., Laube, S., & Riek, M. (2019). A fundamental approach to cyber risk analysis. Variance, 12(2), 161–185 https://doi.org/10.66573/001c.120742
Business Standard. (2024, June 26). BSNL data breach exposes 278 GB of sensitive telecom info, twice in 6 mts. Retrieved December 20, 2025, from https://www.business-standard.com/companies/news/bsnl-data-breach-exposes-278-gb-of-sensitive-telecom-info-twice-in-6-mts-124062600314_1.html
Creemers, R. (2022). China's emerging data protection framework. Journal of Cybersecurity, 8(1), tyac011. https://doi.org/10.1093/cybsec/tyac011
(2024). BSNL data breach highlights weak cybersecurity enforcement in India. https://telecom.economictimes.indiatimes.com/
(2025). SK Telecom cyberattack exposes subscriber data. https://telecom.economictimes.indiatimes.com/
European Data Protection Board. (2024). EDPB Annual Report 2023. Retrieved December 10, 2025, from https://www.edpb.europa.eu/our-work-tools/our-documents/annual-report/edpb-annual-report-2023_en
Federal Communications Commission. (2024, September 17). FCC Announces $13 Million Settlement with AT&T Resolving Vendor Cloud Breach Investigation. Retrieved December 10, 2025, from https://www.fcc.gov/document/fcc-settles-att-vendor-cloud-breach
Financial Express. (2025, September 27). DPDP Act needs to have broader approach. Retrieved January 10, 2026, from https://www.financialexpress.com/life/technology-dpdp-act-needs-to-have-broader-approach-3991224
Financial Times. (2018, May 23). GDPR: Europe takes lead. Retrieved December 10, 2025, from https://www.ft.com/content/bd3eb2ae-5ea0-11e8-9334-2218e7146b04
Gal-Or, E., Gal-Or, R., & Penmetsa, N. (2018). The Role of User Privacy Concerns in Shaping Competition Among Platforms. Information Systems Research, 29(3), 698–722. https://doi.org/10.1287/isre.2017.0730
Gao, L., Chen, Z., Zhao, W., & Lai, X. (2025). Does cybersecurity regulation reduce corporate data-breach risk? Finance Research Letters, 78, 107171. https://doi.org/10.1016/j.frl.2025.107171
Greenleaf, G. (2021). Global Data Privacy Laws 2021: Despite COVID Delays, 145 Laws Show GDPR Dominance. Privacy Laws & Business International Report, 169, 10–13 http://dx.doi.org/10.2139/ssrn.3836348
Greenstein, S., & Prince, J. (2006). The diffusion of the Internet and the geography of the digital divide in the United States (NBER Working Paper No. 12182). National Bureau of Economic Research. https://doi.org/10.3386/w12182
GSMA Intelligence. (2023). The Mobile Economy Sub-Saharan Africa 2023. Retrieved January 10, 2026, from https://www.gsmaintelligence.com/research/the-mobile-economy-sub-saharan-africa-2023
GSMA Intelligence. (2024). Trusted data and insights for the global mobile ecosystem. Retrieved January 10, 2026, from https://www.gsmaintelligence.com/
HT Digital Streams Ltd. (2024, July 5). Bharti Airtel denies data breach of 37.5 crore subscribers. Retrieved January 10, 2026, from https://www.livemint.com/companies/news/bharti-airtel-data-leak-telecom-major-denies-security-breach-of-over-37-crore-customers-after-hackers-post-allegations-11720173165182.html
Information Commissioner's Office (ICO). (2024). Annual Report 2023–24. Retrieved January 10, 2026, from https://ico.org.uk/media2/migrated/4030348/annual-report-2023-24.pdf
International Telecommunication Union (ITU). (2022). Global Cybersecurity Index 2020. Retrieved December 10, 2025, from https://www.itu.int/pub/D-STR-GCI.01-2021
Kamiya, S., Kang, J. K., Kim, J., Milidonis, A., & Stulz, R. M. (2021). Risk management, firm reputation, and the impact of successful cyberattacks on target firms. Journal of Financial Economics, 139(3), 719–749. https://doi.org/10.1016/j.jfineco.2019.05.019
Kuner, C. (2022). The GDPR: A transnational perspective. International Data Privacy Law, 12(1), 3–15. https://doi.org/10.1093/idpl/ipab042
PRS Legislative Research. (2023). The Digital Personal Data Protection Bill, 2023. Retrieved January 10, 2026, from https://prsindia.org/billtrack/digital-personal-data-protection-bill-2023
(2021). European regulators fine telecom firms under GDPR rules. Retrieved December 10, 2025, from https://www.reuters.com
(2022, January 21). Cybersecurity and data privacy foresight 2022. Retrieved December 10, 2025, from https://www.reuters.com/legal/legalindustry/cybersecurity-data-privacy-foresight-2022-2022-01-21/
(2023, October 16). Your organization has suffered a data incident: Now here are the regulators it will face. Retrieved January 10, 2026, from https://www.reuters.com/legal/legalindustry/your-organization-has-suffered-data-incident-now-here-are-regulators-it-will-2023-10-16/
(2024, November 13). China-linked hackers stole surveillance data from telecom companies, U.S. says. Retrieved December 10, 2025, from https://www.reuters.com/technology/cybersecurity/china-affiliated-actors-compromised-networks-multiple-telecom-companies-us-says-2024-11-13/
(2025a). South Korea agency fines SK Telecom $97 million over major data leak. https://www.reuters.com/sustainability/boards-policy-regulation/south-korea-agency-fines-sk-telecom-97-million-over-major-data-leak-2025-08-28/
(2025b, February 1). Data Privacy and Cybersecurity: 2024 Trends and Developments. Retrieved January 10, 2026, from https://www.reuters.com/practical-law-the-journal/transactional/data-privacy-cybersecurity-2024-trends-developments-2025-02-01/
Romanosky, S. (2016). Examining the costs and causes of cyber incidents. Journal of Cybersecurity, 2(2), 121–135. https://doi.org/10.1093/cybsec/tyw001
Romanosky, S., Telang, R., & Acquisti, A. (2011). Do data breach disclosure laws reduce identity theft? Journal of Policy Analysis and Management, 30(2), 256–286. https://doi.org/10.1002/pam.20567
(2024). State of the Network 2024. Retrieved January 10, 2026, from https://www2.telegeography.com/hubfs/LP-Assets/Ebooks/state-of-the-network-2024.pdf
(2026). 61 Biggest GDPR Fines & Penalties So Far [2026 Update]. Retrieved March 2, 2026, from https://termly.io/resources/articles/biggest-gdpr-fines/
The Economic Times. (2023, August 18). Government will ensure orderly transition to new data rules: MoS IT Rajeev Chandrasekhar. Retrieved December 10, 2025, from https://economictimes.indiatimes.com/tech/technology/government-will-ensure-orderly-transition-to-new-data-rules-mos-it-rajeev-chandrasekhar/articleshow/102811046.cms
The Economic Times. (2025, June 30). Trai’s new proposal may help check spam as it complements data protection laws. Retrieved December 10, 2025, from https://economictimes.indiatimes.com/tech/technology/trais-new-proposal-may-help-check-spam-as-it-complements-data-protection-laws/articleshow/122146683.cms
Times of India. (2023, August 3). Entities violating digital data protection norms to face penalty of up to Rs 250 crore: DPDP 2023. Retrieved December 10, 2025, from https://timesofindia.indiatimes.com/india/entities-violating-digital-data-protection-norms-to-face-penalty-of-up-to-rs-250-crore-dpdp-2023/articleshow/102392400.cms
Times of India. (2024, June 26). Hacker claims to have critical security data, SIM card details of BSNL customers. Retrieved January 10, 2026, from https://timesofindia.indiatimes.com/technology/tech-news/hacker-claims-to-have-critical-security-data-sim-card-details-of-bsnl-customers/articleshow/111289752.cms
T-Mobile Data Breach Settlement. (2023). T-Mobile Data Breach Settlement. Retrieved December 10, 2025, from https://www.t-mobilesettlement.com/
Wolters, P. T. J. (2019). The enforcement by the data subject under the GDPR. Journal of Internet Law, 22(8), 22–31. Retrieved January 10, 2026, from https://repository.ubn.ru.nl/handle/2066/200981