Data breach threat emerges for employees of Indian conglomerate Piramal Group
A hacker claims to have access to data related to thousands of current and former employees of the Indian conglomerate Piramal Group. The hacker, who remains anonymous, listed a portion of the stolen data on a cybercrime forum. The data sample includes full names and email addresses, making it potentially valuable for cybercriminals looking to target employees with cyberattacks.
Piramal Group is a multinational company operating in various sectors including pharma, financial services, and real estate. With over 10,000 employees representing 21 nationalities, the company has a global presence in more than 100 markets. It is the parent company of subsidiaries such as Piramal Enterprises, Piramal Pharma, Piramal Healthcare, and Piramal Realty.
TechCrunch obtained a larger sample of the stolen data, containing over 10,000 entries. The validity of the data was confirmed by cross-referencing with a job listing portal, which showed that the entries corresponded to current and former employees of Piramal Group.
When approached by TechCrunch, Piramal Group denied any data breach on its systems. The company asserted that its IT and cybersecurity teams thoroughly investigated the matter and found no evidence to support the claim of a breach. A spokesperson for Piramal Group suggested that the data may have been sourced from a third-party platform, without disclosing the specific platform in question.
It is worth noting that Piramal Group did not provide details on how it determined that no breach had occurred. Questions regarding the company’s technical capabilities to detect data exfiltration also went unanswered. However, Piramal Group did confirm that India’s computer emergency response team, CERT-In, had inquired about the alleged data breach. After conducting their own investigation, Piramal Group assured CERT-In that no such breach had occurred and that no information had been compromised.
While Piramal Group maintains that there has been no breach, the potential exposure of employee data remains a concern. Cybercriminals could leverage this information to launch targeted attacks, such as phishing attempts or identity theft. It is essential for Piramal Group and other organizations to continually assess and strengthen their cybersecurity measures to safeguard sensitive employee data. This incident serves as a reminder for companies to remain vigilant and proactive in protecting their employees’ information from potential data breaches.
