Research Article

Data Breaches in the Telecom Sector: A Comparative Analysis of Regulatory Fines Across Continents

ABSTRACT

The research paper examines the incidences of telecom data breaches, and regulatory measures that have been taken in the chosen countries of Asia, Europe, North America, Africa, and especially in Indian telecom sector. As the world moves at a fast pace towards digitalization, higher mobile penetration and high use of online services, telecom operators deal with huge amounts of personal data, and data breaches are becoming a major challenge to regulators across the globe.

The study applies a comparative qualitative approach to the investigation of the response to cybersecurity incidents by different jurisdictions using documented breach incidents and publicly reported regulatory actions. The results indicate a significant difference between regulators in Europe and North America, who tend to impose huge financial fines after big data breaches and those in India who have been mostly using advisories, notices and compliance audits with small financial fines.

The paper presents a point where variations in legislations, regulatory ability, and level of data protection systems affect enforcement strategies. The Digital Personal Data Protection Act, 2023, introduced in India, provides an opportunity to strengthen the country's telecom data protection framework and align it with international standards.

REFERENCES

Acquisti, A., Taylor, C. R., & Wagman, L. (2016). The economics of privacy. Journal of Economic Literature, 54(2), 442–492. https://doi.org/10.1257/jel.54.2.442

Anderson, R., Barton, C., Böhme, R., Clayton, R., van Eeten, M. J. G., Levi, M., Moore, T., & Savage, S. (2013). Measuring the cost of cybercrime. In R. Böhme (Ed.), The economics of information security and privacy (pp. 265–300). Springer. https://doi.org/10.1007/978-3-642-39498-0_12

Becker, G. S. (1968). Crime and punishment: An economic approach. Journal of Political Economy, 76(2), 169–217. https://doi.org/10.1086/259394

(2024). BharatNet Project. Retrieved December 20, 2025, from https://usof.gov.in/en/bharatnet-project

Böhme, R., & Moore, T. (2012). The economics of information security investment. Journal of Information Security, 3(2), 75–83. https://doi.org/10.4236/jis.2012.32010

Böhme, R., Laube, S., & Riek, M. (2019). A fundamental approach to cyber risk analysis. Variance, 12(2), 161–185 https://doi.org/10.66573/001c.120742

Business Standard. (2024, June 26). BSNL data breach exposes 278 GB of sensitive telecom info, twice in 6 mts. Retrieved December 20, 2025, from https://www.business-standard.com/companies/news/bsnl-data-breach-exposes-278-gb-of-sensitive-telecom-info-twice-in-6-mts-124062600314_1.html

Creemers, R. (2022). China's emerging data protection framework. Journal of Cybersecurity, 8(1), tyac011. https://doi.org/10.1093/cybsec/tyac011

(2024). BSNL data breach highlights weak cybersecurity enforcement in India. https://telecom.economictimes.indiatimes.com/

(2025). SK Telecom cyberattack exposes subscriber data. https://telecom.economictimes.indiatimes.com/

European Data Protection Board. (2024). EDPB Annual Report 2023. Retrieved December 10, 2025, from https://www.edpb.europa.eu/our-work-tools/our-documents/annual-report/edpb-annual-report-2023_en

Federal Communications Commission. (2024, September 17). FCC Announces $13 Million Settlement with AT&T Resolving Vendor Cloud Breach Investigation. Retrieved December 10, 2025, from https://www.fcc.gov/document/fcc-settles-att-vendor-cloud-breach

Financial Express. (2025, September 27). DPDP Act needs to have broader approach. Retrieved January 10, 2026, from https://www.financialexpress.com/life/technology-dpdp-act-needs-to-have-broader-approach-3991224

Financial Times. (2018, May 23). GDPR: Europe takes lead. Retrieved December 10, 2025, from https://www.ft.com/content/bd3eb2ae-5ea0-11e8-9334-2218e7146b04

Gal-Or, E., Gal-Or, R., & Penmetsa, N. (2018). The Role of User Privacy Concerns in Shaping Competition Among Platforms. Information Systems Research, 29(3), 698–722. https://doi.org/10.1287/isre.2017.0730

Gao, L., Chen, Z., Zhao, W., & Lai, X. (2025). Does cybersecurity regulation reduce corporate data-breach risk? Finance Research Letters, 78, 107171. https://doi.org/10.1016/j.frl.2025.107171

Greenleaf, G. (2021). Global Data Privacy Laws 2021: Despite COVID Delays, 145 Laws Show GDPR Dominance. Privacy Laws & Business International Report, 169, 10–13 http://dx.doi.org/10.2139/ssrn.3836348

Greenstein, S., & Prince, J. (2006). The diffusion of the Internet and the geography of the digital divide in the United States (NBER Working Paper No. 12182). National Bureau of Economic Research. https://doi.org/10.3386/w12182

GSMA Intelligence. (2023). The Mobile Economy Sub-Saharan Africa 2023. Retrieved January 10, 2026, from https://www.gsmaintelligence.com/research/the-mobile-economy-sub-saharan-africa-2023

GSMA Intelligence. (2024). Trusted data and insights for the global mobile ecosystem. Retrieved January 10, 2026, from https://www.gsmaintelligence.com/

HT Digital Streams Ltd. (2024, July 5). Bharti Airtel denies data breach of 37.5 crore subscribers. Retrieved January 10, 2026, from https://www.livemint.com/companies/news/bharti-airtel-data-leak-telecom-major-denies-security-breach-of-over-37-crore-customers-after-hackers-post-allegations-11720173165182.html

Information Commissioner's Office (ICO). (2024). Annual Report 2023–24. Retrieved January 10, 2026, from https://ico.org.uk/media2/migrated/4030348/annual-report-2023-24.pdf

International Telecommunication Union (ITU). (2022). Global Cybersecurity Index 2020. Retrieved December 10, 2025, from https://www.itu.int/pub/D-STR-GCI.01-2021

Kamiya, S., Kang, J. K., Kim, J., Milidonis, A., & Stulz, R. M. (2021). Risk management, firm reputation, and the impact of successful cyberattacks on target firms. Journal of Financial Economics, 139(3), 719–749. https://doi.org/10.1016/j.jfineco.2019.05.019

Kuner, C. (2022). The GDPR: A transnational perspective. International Data Privacy Law, 12(1), 3–15. https://doi.org/10.1093/idpl/ipab042

PRS Legislative Research. (2023). The Digital Personal Data Protection Bill, 2023. Retrieved January 10, 2026, from https://prsindia.org/billtrack/digital-personal-data-protection-bill-2023

(2021). European regulators fine telecom firms under GDPR rules. Retrieved December 10, 2025, from https://www.reuters.com

(2022, January 21). Cybersecurity and data privacy foresight 2022. Retrieved December 10, 2025, from https://www.reuters.com/legal/legalindustry/cybersecurity-data-privacy-foresight-2022-2022-01-21/

(2023, October 16). Your organization has suffered a data incident: Now here are the regulators it will face. Retrieved January 10, 2026, from https://www.reuters.com/legal/legalindustry/your-organization-has-suffered-data-incident-now-here-are-regulators-it-will-2023-10-16/

(2024, November 13). China-linked hackers stole surveillance data from telecom companies, U.S. says. Retrieved December 10, 2025, from https://www.reuters.com/technology/cybersecurity/china-affiliated-actors-compromised-networks-multiple-telecom-companies-us-says-2024-11-13/

(2025a). South Korea agency fines SK Telecom $97 million over major data leak. https://www.reuters.com/sustainability/boards-policy-regulation/south-korea-agency-fines-sk-telecom-97-million-over-major-data-leak-2025-08-28/

(2025b, February 1). Data Privacy and Cybersecurity: 2024 Trends and Developments. Retrieved January 10, 2026, from https://www.reuters.com/practical-law-the-journal/transactional/data-privacy-cybersecurity-2024-trends-developments-2025-02-01/

Romanosky, S. (2016). Examining the costs and causes of cyber incidents. Journal of Cybersecurity, 2(2), 121–135. https://doi.org/10.1093/cybsec/tyw001

Romanosky, S., Telang, R., & Acquisti, A. (2011). Do data breach disclosure laws reduce identity theft? Journal of Policy Analysis and Management, 30(2), 256–286. https://doi.org/10.1002/pam.20567

(2024). State of the Network 2024. Retrieved January 10, 2026, from https://www2.telegeography.com/hubfs/LP-Assets/Ebooks/state-of-the-network-2024.pdf

(2026). 61 Biggest GDPR Fines & Penalties So Far [2026 Update]. Retrieved March 2, 2026, from https://termly.io/resources/articles/biggest-gdpr-fines/

The Economic Times. (2023, August 18). Government will ensure orderly transition to new data rules: MoS IT Rajeev Chandrasekhar. Retrieved December 10, 2025, from https://economictimes.indiatimes.com/tech/technology/government-will-ensure-orderly-transition-to-new-data-rules-mos-it-rajeev-chandrasekhar/articleshow/102811046.cms

The Economic Times. (2025, June 30). Trai’s new proposal may help check spam as it complements data protection laws. Retrieved December 10, 2025, from https://economictimes.indiatimes.com/tech/technology/trais-new-proposal-may-help-check-spam-as-it-complements-data-protection-laws/articleshow/122146683.cms

Times of India. (2023, August 3). Entities violating digital data protection norms to face penalty of up to Rs 250 crore: DPDP 2023. Retrieved December 10, 2025, from https://timesofindia.indiatimes.com/india/entities-violating-digital-data-protection-norms-to-face-penalty-of-up-to-rs-250-crore-dpdp-2023/articleshow/102392400.cms

Times of India. (2024, June 26). Hacker claims to have critical security data, SIM card details of BSNL customers. Retrieved January 10, 2026, from https://timesofindia.indiatimes.com/technology/tech-news/hacker-claims-to-have-critical-security-data-sim-card-details-of-bsnl-customers/articleshow/111289752.cms

T-Mobile Data Breach Settlement. (2023). T-Mobile Data Breach Settlement. Retrieved December 10, 2025, from https://www.t-mobilesettlement.com/

Wolters, P. T. J. (2019). The enforcement by the data subject under the GDPR. Journal of Internet Law, 22(8), 22–31. Retrieved January 10, 2026, from https://repository.ubn.ru.nl/handle/2066/200981

Keywords

Telecom Data Breaches Data Protection Regulation Cybersecurity Governance Telecom Sector Regulation Digital Personal Data Protection Act.