Hacker claims theft of Piramal Group's employee data
A hacker claims to be selling data relating to thousands of current and former employees of the Indian conglomerate Piramal Group, a multinational company that operates across pharma, financial services and real estate. Piramal rebuffed claims that its systems were breached and said the information came from a third party.
In a listing on a known cybercrime forum last week seen by TechCrunch, the pseudonymous threat actor published a small portion of the allegedly stolen Piramal data for an undisclosed amount. The data sample included full names and email addresses.
The allegedly stolen data could be a boon for cybercriminals by using the information for targeting employees with cyberattacks.
Piramal Group has over 10,000 employees and 21 diverse nationalities working from its offices in over 30 countries worldwide, according to its website. The Mumbai-headquartered company also has a brand presence across over 100 markets globally. Piramal operates multiple subsidiaries, including the non-banking financial company Piramal Enterprises, pharmaceutical firm Piramal Pharma, healthcare company Piramal Healthcare, and real estate development arm Piramal Realty.
TechCrunch obtained a larger sample of data from the threat actor containing over 10,000 entries. TechCrunch validated some of the entries using a job listing portal and found them related to current and former employees of the Indian company.
Piramal denied a data breach on its systems when TechCrunch reached out on Tuesday with a sample of the data shared by the threat actor. The company suggested that the data could be sourced from a third party.
“After conducting a thorough investigation, we can confirm that there has been no data breach incident at Piramal Group. Our IT and cybersecurity teams have rigorously examined our systems, and there is no evidence to support the claim that any information or files of this nature exist on our servers. Additionally, the sample data does not include any Piramal information such as employee email IDs, and it appears to originate from a third-party platform,” said Piramal spokesperson Mihir Mukherjee in an emailed statement.
Piramal later contacted TechCrunch to say that it determined that the information came from Mailinator, a platform for testing email and SMS workflows. Mailinator did not immediately respond to a request for comment.
When asked by TechCrunch, Piramal’s spokesperson refused to say how the company determined that it had not experienced a data breach, such as whether Piramal has the technical means to detect data exfiltration.
Piramal also told TechCrunch that it received a query on the data breach incident from India’s computer emergency response team, known as CERT-In.
“After a thorough investigation, we confirmed [to] CERT-In that no such data breach incident has occurred on our systems, and no information is compromised,” the spokesperson said.
Updated with further comment from Piramal.