
Aditya Birla Fashion and Retail Ltd faces data breach, company says investigation underway

Information on customers and employees was dumped online after negotiations with a hacker group broke down.

Aditya Birla Fashion and Retail Ltd (ABFRL) recently suffered a data breach that has exposed the data of both its customers and employees. Confirming the breach, an ABFRL spokesperson said that it was investigating the unauthorised access to customer data.

ABFRL is a subsidiary of the Aditya Birla group, with outlets such as Pantaloons and brands such as Peter England and Louis Philippe listed under it.

The database was reportedly hacked by a group called ShinyHunters and its details were uploaded on an underground website. According to HaveIBeenPwned, a website which tracks and provides information on database leaks, details of around 5.4 million email addresses associated with ABFRL were dumped on the underground website. These details, according to the website, include —

  • Personal customer information such as name, phone number, physical addresses, DoBs, and order histories
  • Employee information such as salary grades, marital status, and religion.

Such instances leading to personal data being sold on the dark web are increasing with every year, while India’s Data Protection Bill is still to take effect. Without a data protection authority (as proposed by the bill), there is regulatory ambiguity in terms of who should respond to and investigate such breaches.

We have engaged experts to carry out an investigation: ABFRL

MediaNama reached out to ABFRL with specific queries on whether affected customers have been or will be notified. Without providing a specific answer, the retail wing of the Aditya Birla group said that it has engaged forensic security experts to carry out an investigation into the “unauthorised access to its e-commerce database”. It also said that the authorities have been intimated.

“There has been no operational or business impact. As a pro-active measure, the company has reset passwords of all customers and enabled OTP based authentication and taken further steps to secure access to customer and employee information.” — ABFRL spokesperson

Negotiations for money failed: ShinyHunters

On the underground website, ShinyHunters said that they had tried negotiating with ABFRL regarding the data leak.

“We tried to get in touch with ABFRL. They sent a negotiator but he was just stalling (the offer was more than reasonable for a “US$ 45-Billion conglomerate”). So we decided to leak everything for you guys including their famous divisions such as Pantaloons.com or Jaypore.com),” it wrote in the forum.

Work-from-home scenario may have played a part in the breach

Speaking to MediaNama, cybersecurity researcher Rajshekhar Rajaharia opined that the current work-from-home scenario may have played a part in the ABFRL data breach. He explained, “Issues crop up when people work from home. Some computers won’t even have firewall.”

Secondly, he said, another big problem is people using the same password for their personal and professional email accounts.

“Passwords should be separate so that even if one’s personal email gets compromised, the professional email will not be affected. Now assume if a company’s server admin’s personal email address gets compromised, and his or her password for the professional email is also same as that of the personal email. Now his professional email will get compromised, and server admins since they have total server credentials may then lead to compromise of the server,” he said.

 

 


Update, January 17, 11.25 pm: Removed a section which claimed to describe ShinyHunters’ previous hacking exploits.


MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ
