Aditya Birla Fashion and Retail Ltd (ABFRL) recently suffered a data breach that has exposed the data of both its customers and employees. Confirming the breach, an ABFRL spokesperson said that it was investigating the unauthorised access to customer data. ABFRL is a subsidiary of the Aditya Birla group, with outlets such as Pantaloons and brands such as Peter England and Louis Philippe listed under it. The database was reportedly hacked by a group called ShinyHunters and its details were uploaded on an underground website. According to HaveIBeenPwned, a website which tracks and provides information on database leaks, details of around 5.4 million email addresses associated with ABFRL were dumped on the underground website. These details, according to the website, include — Personal customer information such as name, phone number, physical addresses, DoBs, and order histories Employee information such as salary grades, marital status, and religion. Such instances leading to personal data being sold on the dark web are increasing with every year, while India’s Data Protection Bill is still to take effect. Without a data protection authority (as proposed by the bill), there is regulatory ambiguity in terms of who should respond to and investigate such breaches. We have engaged experts to carry out an investigation: ABFRL MediaNama reached out to ABFRL with specific queries on whether affected customers have been or will be notified. Without providing a specific answer, the retail wing of the Aditya Birla group said that it has engaged forensic security experts to carry out an…
