Major Indian fashion retailer hacked and data leaked
Another major Indian firm has fallen prey to a massive cyberattack. This time, the victim is a Fortune India 500 List company: Mumbai-headquartered Aditya Birla Group (ABG). The conglomerate includes Aditya Birla Fashion and Retail Ltd. (ABFRL) as well as businesses in other sectors. ABFRL, formed after the merger of Madura Fashion & Lifestyle and Pantaloons, describes itself as “India’s first billion-dollar pure-play fashion powerhouse with an elegant bouquet of leading fashion brands and retail formats.”
In a corporate presentation published in July, 2021, ABG claimed to be a US$ 45-billion conglomerate that has 130 manufacturing units globally, and 140,000+ employees of 100 nationalities in 36 countries.
In early December, DataBreaches.net was contacted by ShinyHunters, who alerted this site to the attack which was then still in progress. The firm had detected them early, ShinyHunters told this site, but the threat actors still had access.
Even as of today, ShinyHunters claims to still have access.
As a sample of the types of information the threat actors acquired already, this site was shown headers from one of the employee-related databases:
Not all the fields reportedly had actual data, but ShinyHunters claimed to have sensitive data on both customers and employees and showed a small sample of both to DataBreaches.net.
DataBreaches.net reached out to ABG via email to ask their response to the claims and incident, and to ask whether they were going to notify employees and customers. Despite such inquiries sent to multiple email ABG addresses and personnel on December 3, December 4, December 10, and January 10, no replies were received.
DataBreaches.net has found no notice on their site or press release.
Today, ShinyHunters notified DataBreaches.net that after more failed negotiations between ShinyHunters and ABG or their representative — negotiations that ShinyHunters described to this site as a stalling tactic — ShinyHunters was leaking the data on a popular forum where data are shared or sold:
Within an hour or so, the hosting site removed the dump for violations of TOS. The data are reportedly in the process of being reuploaded to another site.
Credit Card Data, Too?
ShinyHunters informed this site that although they acquired customers’ credit card data with expiration date and CVV — and that ABFRL Pantaloons knows that ShinyHunters is in possession of such data, the firm has allegedly not informed customers about the breach of card data. If they have notified employees and customers privately of the data breach and exfiltration of data, DataBreaches.net has seen no proof of that as yet.
If any reader is a Pantaloons customer or employee who has been informed of the breach, please contact this site with details of how you were informed and what you were told. Thank you.