Another major Indian firm has fallen prey to a massive cyberattack. This time, the victim is a Fortune India 500 List company: Mumbai-headquartered Aditya Birla Group (ABG). The conglomerate includes Aditya Birla Fashion and Retail Ltd. (ABFRL) as well as businesses in other sectors. ABFRL, formed after the merger of Madura Fashion & Lifestyle and Pantaloons, describes itself as “India’s first billion-dollar pure-play fashion powerhouse with an elegant bouquet of leading fashion brands and retail formats.”
In a corporate presentation published in July 2021, ABG claimed to be a US$ 45-billion conglomerate that has 130 manufacturing units globally, and 140,000+ employees of 100 nationalities in 36 countries.
In early December, DataBreaches.net was contacted by ShinyHunters, who alerted this site to the attack, which was then still in progress. The firm had detected them early, ShinyHunters told this site, but the threat actors still had access.
Even as of today, ShinyHunters claims to still have access.
As a sample of the types of information the threat actors acquired already, this site was shown headers from one of the employee-related databases:
PoornataID,HRStatus,PositionNumber,PositionTitle,HireDate,NameDisplay,NamePrefix,FirstName,MiddleName,LastName,BirthDate,BirthCountry,MaritialStatus,Gender,City,State,Postal,Emailid,ABGExperience,Age,Company,Business,BusinessUnit,Department,Location,JobBand,Designation,ReportsTo,SupervisorId,FunctionCd,FunctionDescription,SubFunction,SalaryGrade,HolidaySchedule,ManagerId,ManagerName,ManagerDesignation,ConfirmationDate,CostCentre,Religion,LastPromotionDate,Phone,Extension,Cadre,ManagerEmailId
Not all the fields reportedly had actual data, but ShinyHunters claimed to have sensitive data on both customers and employees and showed a small sample of both to DataBreaches.net.
DataBreaches.net reached out to ABG via email to ask for their response to the claims and incident, and to ask whether they were going to notify employees and customers. Despite such inquiries sent to multiple ABG email addresses and personnel on December 3, December 4, December 10, and January 10, no replies were received.
DataBreaches.net has found no notice on their site or press release.
Today, ShinyHunters notified DataBreaches.net that after more failed negotiations between ShinyHunters and ABG or their representative — negotiations that ShinyHunters described to this site as a stalling tactic — ShinyHunters was leaking the data on a popular forum where data are shared or sold:
So we decided to leak everything for you guys including their famous divisions such as Pantaloons.com (https://facebook.com/pantaloons) or Jaypore.com (https://facebook.com/jaypore).
Within an hour or so, the hosting site removed the dump for violations of TOS. The data are reportedly in the process of being reuploaded to another site.
Credit Card Data, Too?
ShinyHunters informed this site that although they acquired customers’ credit card data with expiration date and CVV, and although ABFRL Pantaloons knows that ShinyHunters is in possession of such data, the firm has allegedly not informed customers about the breach of card data. If they have notified employees and customers privately of the data breach and exfiltration of data, DataBreaches.net has seen no proof of that as yet.
If any reader is a Pantaloons customer or employee who has been informed of the breach, please contact this site with details of how you were informed and what you were told. Thank you.
This was their email:
We hope you are staying safe.
We would like to inform you that there has been an information security incident that entailed illegal and unauthorized access to a part of our customer database. Earlier this week, we discovered that profile information of some of our customers has been released in some cyber forums.
We are completely cognizant that this would be of great concern to you. As a precautionary measure, we have reset passwords of all customers, enabled OTP-based authentication, and taken further steps to secure access to customer information. In case you have been using common passwords on other sites, we request you to change the same, as a matter of abundant precaution. We would like to assure you that besides some details which are part of your profile, no financially sensitive information pertaining to your payment modalities or instruments has been compromised as a result of this unscrupulous intrusion of our database.
We have immediately intimated relevant cyber authorities and are taking necessary steps to bring the culprits to book. We have also engaged leading forensic security experts to carry out an investigation. While we have a robust security architecture, we will further reinforce our security protocols.
We regret the inconvenience caused. Thank you for your patronage and your continued trust in our brands. We are committed to ensuring a safe online shopping experience for you.
Aditya Birla Fashion and Retail Ltd
ShinyHunters continues to assert that they still have access and that the retailer doesn’t seem to have figured out how.