<?xml version="1.0" encoding="UTF-8"?>
<article>

    <title>Data Breaches in the Telecom Sector: A Comparative Analysis of Regulatory Fines Across Continents</title>

    <slug>data-breaches-in-the-telecom-sector-a-comparative-analysis-of-regulatory-fines-across-continents</slug>

    
            <parent>
            <title>Volume 8, Issue 1</title>
        </parent>
    
    
            <post_type>
            <title>ARTICLES</title>
        </post_type>
    
    	
	
	<year>2026</year>

    
	<volume>8</volume>
	
    
    <content><![CDATA[<p style="text-align: justify;">The research paper examines the incidences of telecom data breaches, and regulatory measures that have been taken in the chosen countries of Asia, Europe, North America, Africa, and especially in Indian telecom sector. As the world moves at a fast pace towards digitalization, higher mobile penetration and high use of online services, telecom operators deal with huge amounts of personal data, and data breaches are becoming a major challenge to regulators across the globe.</p>
<p style="text-align: justify;">The study applies a comparative qualitative approach to the investigation of the response to cybersecurity incidents by different jurisdictions using documented breach incidents and publicly reported regulatory actions. The results indicate a significant difference between regulators in Europe and North America, who tend to impose huge financial fines after big data breaches and those in India who have been mostly using advisories, notices and compliance audits with small financial fines.</p>
<p style="text-align: justify;">The paper presents a point where variations in legislations, regulatory ability, and level of data protection systems affect enforcement strategies. The Digital Personal Data Protection Act, 2023, introduced in India, provides an opportunity to strengthen the country's telecom data protection framework and align it with international standards.</p>]]></content>

    
            <references><![CDATA[<p>Acquisti, A., Taylor, C. R., &amp; Wagman, L. (2016). <em>The economics of privacy</em>. <em>Journal of Economic Literature, 54</em>(2), 442–492. <a href="https://doi.org/10.1257/jel.54.2.442">https://doi.org/10.1257/jel.54.2.442</a></p>
<p>Anderson, R., Barton, C., Böhme, R., Clayton, R., van Eeten, M. J. G., Levi, M., Moore, T., &amp; Savage, S. (2013). Measuring the cost of cybercrime. In R. Böhme (Ed.), <em>The economics of information security and privacy</em> (pp. 265–300). Springer. <a href="https://doi.org/10.1007/978-3-642-39498-0_12">https://doi.org/10.1007/978-3-642-39498-0_12</a></p>
<p>Becker, G. S. (1968). <em>Crime and punishment: An economic approach</em>. <em>Journal of Political Economy, 76</em>(2), 169–217. <a href="https://doi.org/10.1086/259394">https://doi.org/10.1086/259394</a></p>
<p>(2024). <em>BharatNet Project.</em> Retrieved December 20, 2025, from <a href="https://usof.gov.in/en/bharatnet-project">https://usof.gov.in/en/bharatnet-project</a></p>
<p>Böhme, R., &amp; Moore, T. (2012). <em>The economics of information security investment</em>. <em>Journal of Information Security, 3</em>(2), 75–83. <a href="https://doi.org/10.4236/jis.2012.32010">https://doi.org/10.4236/jis.2012.32010</a></p>
<p>Böhme, R., Laube, S., &amp; Riek, M. (2019). <em>A fundamental approach to cyber risk analysis.</em> Variance, 12(2), 161–185 <a href="https://doi.org/10.66573/001c.120742">https://doi.org/10.66573/001c.120742</a></p>
<p>Business Standard. (2024, June 26). <em>BSNL data breach exposes 278 GB of sensitive telecom info, twice in 6 mts.</em> Retrieved December 20, 2025, from <a href="https://www.business-standard.com/companies/news/bsnl-data-breach-exposes-278-gb-of-sensitive-telecom-info-twice-in-6-mts-124062600314_1.html">https://www.business-standard.com/companies/news/bsnl-data-breach-exposes-278-gb-of-sensitive-telecom-info-twice-in-6-mts-124062600314_1.html</a></p>
<p>Creemers, R. (2022). <em>China's emerging data protection framework.</em> Journal of Cybersecurity, 8(1), tyac011. <a href="https://doi.org/10.1093/cybsec/tyac011">https://doi.org/10.1093/cybsec/tyac011</a></p>
<p>(2024). <em>BSNL data breach highlights weak cybersecurity enforcement in India</em>. <a href="https://telecom.economictimes.indiatimes.com/">https://telecom.economictimes.indiatimes.com/</a></p>
<p>(2025). <em>SK Telecom cyberattack exposes subscriber data</em>. <a href="https://telecom.economictimes.indiatimes.com/">https://telecom.economictimes.indiatimes.com/</a></p>
<p>European Data Protection Board. (2024). <em>EDPB Annual Report 2023.</em> Retrieved December 10, 2025, from <a href="https://www.edpb.europa.eu/our-work-tools/our-documents/annual-report/edpb-annual-report-2023_en">https://www.edpb.europa.eu/our-work-tools/our-documents/annual-report/edpb-annual-report-2023_en</a></p>
<p>Federal Communications Commission. (2024, September 17). <em>FCC Announces $13 Million Settlement with AT&amp;T Resolving Vendor Cloud Breach Investigation.</em> Retrieved December 10, 2025, from <a href="https://www.fcc.gov/document/fcc-settles-att-vendor-cloud-breach">https://www.fcc.gov/document/fcc-settles-att-vendor-cloud-breach</a></p>
<p>Financial Express. (2025, September 27). <em>DPDP Act needs to have broader approach.</em> Retrieved January 10, 2026, from <a href="https://www.financialexpress.com/life/technology-dpdp-act-needs-to-have-broader-approach-3991224/">https://www.financialexpress.com/life/technology-dpdp-act-needs-to-have-broader-approach-3991224</a></p>
<p>Financial Times. (2018, May 23). <em>GDPR: Europe takes lead.</em> Retrieved December 10, 2025, from <a href="https://www.ft.com/content/bd3eb2ae-5ea0-11e8-9334-2218e7146b04">https://www.ft.com/content/bd3eb2ae-5ea0-11e8-9334-2218e7146b04</a></p>
<p>Gal-Or, E., Gal-Or, R., &amp; Penmetsa, N. (2018). <em>The Role of User Privacy Concerns in Shaping Competition Among Platforms.</em> Information Systems Research, 29(3), 698–722. <a href="https://doi.org/10.1287/isre.2017.0730">https://doi.org/10.1287/isre.2017.0730</a></p>
<p>Gao, L., Chen, Z., Zhao, W., &amp; Lai, X. (2025). <em>Does cybersecurity regulation reduce corporate data-breach risk?</em> <em>Finance Research Letters, 78</em>, 107171. <a href="https://doi.org/10.1016/j.frl.2025.107171">https://doi.org/10.1016/j.frl.2025.107171</a></p>
<p>Greenleaf, G. (2021). <em>Global Data Privacy Laws 2021: Despite COVID Delays, 145 Laws Show GDPR Dominance.</em> Privacy Laws &amp; Business International Report, 169, 10–13 <a href="https://dx.doi.org/10.2139/ssrn.3836348">http://dx.doi.org/10.2139/ssrn.3836348</a></p>
<p>Greenstein, S., &amp; Prince, J. (2006). <em>The diffusion of the Internet and the geography of the digital divide in the United States</em> (NBER Working Paper No. 12182). National Bureau of Economic Research. <a href="https://doi.org/10.3386/w12182">https://doi.org/10.3386/w12182</a></p>
<p>GSMA Intelligence. (2023). <em>The Mobile Economy Sub-Saharan Africa 2023.</em> Retrieved January 10, 2026, from <a href="https://www.gsmaintelligence.com/research/the-mobile-economy-sub-saharan-africa-2023">https://www.gsmaintelligence.com/research/the-mobile-economy-sub-saharan-africa-2023</a></p>
<p>GSMA Intelligence. (2024). <em>Trusted data and insights for the global mobile ecosystem.</em> Retrieved January 10, 2026, from <a href="https://www.gsmaintelligence.com/">https://www.gsmaintelligence.com/</a></p>
<p>HT Digital Streams Ltd. (2024, July 5). Bharti Airtel denies data breach of 37.5 crore subscribers. Retrieved January 10, 2026, from <a href="https://www.livemint.com/companies/news/bharti-airtel-data-leak-telecom-major-denies-security-breach-of-over-37-crore-customers-after-hackers-post-allegations-11720173165182.html">https://www.livemint.com/companies/news/bharti-airtel-data-leak-telecom-major-denies-security-breach-of-over-37-crore-customers-after-hackers-post-allegations-11720173165182.html</a></p>
<p>Information Commissioner's Office (ICO). (2024). <em>Annual Report 2023–24.</em> Retrieved January 10, 2026, from <a href="https://ico.org.uk/media2/migrated/4030348/annual-report-2023-24.pdf">https://ico.org.uk/media2/migrated/4030348/annual-report-2023-24.pdf</a></p>
<p>International Telecommunication Union (ITU). (2022). Global Cybersecurity Index 2020. Retrieved December 10, 2025, from <a href="https://www.itu.int/pub/D-STR-GCI.01-2021">https://www.itu.int/pub/D-STR-GCI.01-2021</a></p>
<p>Kamiya, S., Kang, J. K., Kim, J., Milidonis, A., &amp; Stulz, R. M. (2021). <em>Risk management, firm reputation, and the impact of successful cyberattacks on target firms.</em> <em>Journal of Financial Economics, 139</em>(3), 719–749. <a href="https://doi.org/10.1016/j.jfineco.2019.05.019">https://doi.org/10.1016/j.jfineco.2019.05.019</a></p>
<p>Kuner, C. (2022). <em>The GDPR: A transnational perspective</em>. <em>International Data Privacy Law, 12</em>(1), 3–15. <a href="https://doi.org/10.1093/idpl/ipab042">https://doi.org/10.1093/idpl/ipab042</a></p>
<p>PRS Legislative Research. (2023). <em>The Digital Personal Data Protection Bill, 2023.</em> Retrieved January 10, 2026, from <a href="https://prsindia.org/billtrack/digital-personal-data-protection-bill-2023">https://prsindia.org/billtrack/digital-personal-data-protection-bill-2023</a></p>
<p>(2021). European regulators fine telecom firms under GDPR rules. Retrieved December 10, 2025, from <u>https://www.reuters.com</u></p>
<p>(2022, January 21). <em>Cybersecurity and data privacy foresight 2022.</em> Retrieved December 10, 2025, from <a href="https://www.reuters.com/legal/legalindustry/cybersecurity-data-privacy-foresight-2022-2022-01-21/">https://www.reuters.com/legal/legalindustry/cybersecurity-data-privacy-foresight-2022-2022-01-21/</a></p>
<p>(2023, October 16). <em>Your organization has suffered a data incident: Now here are the regulators it will face.</em> Retrieved January 10, 2026, from <a href="https://www.reuters.com/legal/legalindustry/your-organization-has-suffered-data-incident-now-here-are-regulators-it-will-2023-10-16/">https://www.reuters.com/legal/legalindustry/your-organization-has-suffered-data-incident-now-here-are-regulators-it-will-2023-10-16/</a></p>
<p>(2024, November 13). <em>China-linked hackers stole surveillance data from telecom companies, U.S. says.</em> Retrieved December 10, 2025, from <a href="https://www.reuters.com/technology/cybersecurity/china-affiliated-actors-compromised-networks-multiple-telecom-companies-us-says-2024-11-13/">https://www.reuters.com/technology/cybersecurity/china-affiliated-actors-compromised-networks-multiple-telecom-companies-us-says-2024-11-13/</a></p>
<p>(2025a). <em>South Korea agency fines SK Telecom $97 million over major data leak</em>. <a href="https://www.reuters.com/sustainability/boards-policy-regulation/south-korea-agency-fines-sk-telecom-97-million-over-major-data-leak-2025-08-28/">https://www.reuters.com/sustainability/boards-policy-regulation/south-korea-agency-fines-sk-telecom-97-million-over-major-data-leak-2025-08-28/</a></p>
<p>(2025b, February 1). <em>Data Privacy and Cybersecurity: 2024 Trends and Developments.</em> Retrieved January 10, 2026, from <a href="https://www.reuters.com/practical-law-the-journal/transactional/data-privacy-cybersecurity-2024-trends-developments-2025-02-01/">https://www.reuters.com/practical-law-the-journal/transactional/data-privacy-cybersecurity-2024-trends-developments-2025-02-01/</a></p>
<p>Romanosky, S. (2016). <em>Examining the costs and causes of cyber incidents</em>. <em>Journal of Cybersecurity, 2</em>(2), 121–135. <a href="https://doi.org/10.1093/cybsec/tyw001">https://doi.org/10.1093/cybsec/tyw001</a></p>
<p>Romanosky, S., Telang, R., &amp; Acquisti, A. (2011). <em>Do data breach disclosure laws reduce identity theft?</em> <em>Journal of Policy Analysis and Management, 30</em>(2), 256–286. <a href="https://doi.org/10.1002/pam.20567">https://doi.org/10.1002/pam.20567</a></p>
<p>(2024). <em>State of the Network 2024.</em> Retrieved January 10, 2026, from <a href="https://www2.telegeography.com/hubfs/LP-Assets/Ebooks/state-of-the-network-2024.pdf">https://www2.telegeography.com/hubfs/LP-Assets/Ebooks/state-of-the-network-2024.pdf</a></p>
<p>(2026). <em>61 Biggest GDPR Fines &amp; Penalties So Far [2026 Update].</em> Retrieved March 2, 2026, from <a href="https://termly.io/resources/articles/biggest-gdpr-fines/">https://termly.io/resources/articles/biggest-gdpr-fines/</a></p>
<p>The Economic Times. (2023, August 18). <em>Government will ensure orderly transition to new data rules: MoS IT Rajeev Chandrasekhar.</em> Retrieved December 10, 2025, from <a href="https://economictimes.indiatimes.com/tech/technology/government-will-ensure-orderly-transition-to-new-data-rules-mos-it-rajeev-chandrasekhar/articleshow/102811046.cms">https://economictimes.indiatimes.com/tech/technology/government-will-ensure-orderly-transition-to-new-data-rules-mos-it-rajeev-chandrasekhar/articleshow/102811046.cms</a></p>
<p>The Economic Times. (2025, June 30). <em>Trai’s new proposal may help check spam as it complements data protection laws.</em> Retrieved December 10, 2025, from <a href="https://economictimes.indiatimes.com/tech/technology/trais-new-proposal-may-help-check-spam-as-it-complements-data-protection-laws/articleshow/122146683.cms">https://economictimes.indiatimes.com/tech/technology/trais-new-proposal-may-help-check-spam-as-it-complements-data-protection-laws/articleshow/122146683.cms</a></p>
<p>Times of India. (2023, August 3). Entities violating digital data protection norms to face penalty of up to Rs 250 crore: DPDP 2023. Retrieved December 10, 2025, from <a href="https://timesofindia.indiatimes.com/india/entities-violating-digital-data-protection-norms-to-face-penalty-of-up-to-rs-250-crore-dpdp-2023/articleshow/102392400.cms">https://timesofindia.indiatimes.com/india/entities-violating-digital-data-protection-norms-to-face-penalty-of-up-to-rs-250-crore-dpdp-2023/articleshow/102392400.cms</a></p>
<p>Times of India. (2024, June 26). <em>Hacker claims to have critical security data, SIM card details of BSNL customers.</em> Retrieved January 10, 2026, from <a href="https://timesofindia.indiatimes.com/technology/tech-news/hacker-claims-to-have-critical-security-data-sim-card-details-of-bsnl-customers/articleshow/111289752.cms">https://timesofindia.indiatimes.com/technology/tech-news/hacker-claims-to-have-critical-security-data-sim-card-details-of-bsnl-customers/articleshow/111289752.cms</a></p>
<p>T-Mobile Data Breach Settlement. (2023). <em>T-Mobile Data Breach Settlement.</em> Retrieved December 10, 2025, from <a href="https://www.t-mobilesettlement.com/">https://www.t-mobilesettlement.com/</a></p>
<p>Wolters, P. T. J. (2019). <em>The enforcement by the data subject under the GDPR.</em> <em>Journal of Internet Law, 22</em>(8), 22–31. Retrieved January 10, 2026, from <a href="https://repository.ubn.ru.nl/handle/2066/200981">https://repository.ubn.ru.nl/handle/2066/200981</a></p>]]></references>
    
            <keywords>Telecom Data Breaches, Data Protection Regulation, Cybersecurity Governance, Telecom Sector Regulation, Digital Personal Data Protection Act.</keywords>
    
    <date></date>

    <url>https://tefmj.ibupress.com/articles/data-breaches-in-the-telecom-sector-a-comparative-analysis-of-regulatory-fines-across-continents</url>

</article>