India's Reliance Jio Infocomm Ltd, which is looking into reports of a major leak of user data, has filed a police complaint alleging "unlawful access to its systems," Reuters reported on Wednesday from Mumbai citing a police officer involved in the investigation.
The complaint is the telecom company's first official acknowledgement of a systems breach. Jio has so far denied media reports and user accounts of a leak.
The officer involved in the investigation said Jio filed the complaint on Monday in Navi Mumbai, where it is headquartered.
The case was registered under Section 66 of the Information Technology Act, which deals with any unauthorized access to a computer network, and Section 379 of the Indian Penal Code, which deals with theft.
Jio, part of conglomerate Reliance Industries Ltd, did not respond to a Reuters request for comment on Wednesday.
The names, telephone numbers and email addresses of Jio users were visible on a site called 'Magicapk,' on Sunday which was subsequently taken down.
Jio, headed by India's richest man Mukesh Ambani, rubbished the website's claims and said its subscriber data was safe and maintained with the highest security. It said that data on the 'Magicapk' website appeared to be "unauthentic."
Experts say India has inadequate data protection laws that do not mandate companies or agencies to notify clients if their personal data has been breached. Advocates for stronger data protection laws say this results in data leaks often going unreported.
"There is a clear stigma attached to being hacked, or data being stolen," said Akash Mahajan, a web security consultant in Bengaluru, adding this is why companies in India often do not admit to data breaches.
On Tuesday, Reuters reported that police in the western state of Rajasthan detained a man on suspicion of involvement in the breach, which cyber security analysts say could be the first largescale leak from an Indian telecom firm.
The officer involved in the matter declined to give further detail on the investigation, but said preliminary evidence indicated the widely-used "Aadhaar" numbers of Jio customers were not compromised in the leak.
Jio, which launched last September, already boasts over 100 million subscribers after drawing in users with months of free service and now cutprice deals. It is not clear whether data on all 100 million plus customers was compromised.
Many users registered for Jio using their 12-digit Unique Identification Authority of India (UIDAI) number, commonly known as the Aadhaar number.
The government is pushing for Aadhaar numbers to be used in everything from opening a bank account to filing tax returns. The number, which works in a similar way to U.S. Social Security numbers, is unique to each Indian citizen and stores users' biometric data in a centralized database.