Aditya Birla Fashion and Retail Ltd (ABFRL) suffered a data breach on its portal and the company is investigating the incident.
Meanwhile, the company has assured that it will have no operational or business impact on its operations.
The company has engaged forensic security experts to investigate the data breach incident where over 700GB of data and 5.4 million email addresses were released online from the portal of the Aditya Birla Group-owned company, an ET CISO report added.
“ABFRL is investigating an information security incident that entailed unauthorised access to its e-commerce database,” said an ABFRL spokesperson while confirming the incident.
However, he also added that there has been no operational or business impact.
“As a pro-active measure, the company has reset passwords of all customers and enabled OTP based authentication and taken further steps to secure access to customer and employee information,” he said.According to the reports, ABFRL’s database has been made public by a hacker group known as ShinyHunters.
Cyber security expert Rajshekhar Rajaharia has also shared information on this.
“#ShinyHunters allegedly made public 700 GB of data of #AdityaBirlaFashion including 5.4Mn emails, phone. It seems the New Year Data Breaches season started in India. Time to change work email’s password,” he tweeted.
The database includes personal customer information such as names, phone numbers, addresses, dates of births, order histories, credit card details, and passwords stored as Message-Digest algorithm 5 (MD5) hashes, the report added.
“We tried to get in touch with ABFRL. They sent a negotiator but he was just stalling (the offer was more than reasonable for a “US$ 45-Billion conglomerate”). So we decided to leak everything for you guys including their famous divisions such as Pantaloons.com or Jaypore.com,” said ShinyHunters in a post on RaidForums.
The data breach also includes details of employees, including salary details, religion, and marital status.
Upstox, an India based discount stock broker that enables its users to buy and sell shares suffered a data breach in the month of April previous year which has exposed some important data of people including their bank account number and their personal information like mobile number and email address which was also believed to be the handiwork of ShinyHunters that has been involved in several hacking incidents including top Indian companies like BigBasket, BuyUcoin and Juspay.
