KiranaPro data loss incident: CEO blames ex-employee for 'internal breach'
What's the story
KiranaPro, an Indian grocery delivery start-up, has been embroiled in a major data loss incident.
The Bengaluru-based company recently discovered that it had lost access to its back-end servers and critical data, including the source code of its app on GitHub.
Initially suspecting an external hack, KiranaPro's co-founder and CEO Deepak Ravindran later suggested that a former employee might be responsible for the incident, although he did not completely rule out the possibility of an external hack.
Employee involvement
Incident not a hack, says Ravindran
Ravindran took to X to clarify that the incident was not a hack but an internal breach.
He acknowledged that the company failed to revoke the former employee's access after they left, potentially allowing their account to be maliciously misused.
Ravindran also claimed that this trusted internal employee intentionally deleted critical server logs while they were being tested and/or edited.
The action, he said, directly violated their policies, principles, and the trust they place in their team.
Company measures
What the company is doing
In light of the incident, Ravindran said that KiranaPro is working on getting its app back up and running.
The company has considered starting a full forensic report to assess the complete scope and impact of the data deletion, pending discussions with the board and legal counsel.
As part of corrective measures, KiranaPro has strengthened access controls, improved audit logging, and revamped its multi-factor authentication protocols.
Business operations
KiranaPro is ONDC's buyer app
Launched in December 2024, KiranaPro is a buyer app on the Indian government's Open Network for Digital Commerce (ONDC).
The platform enables over 55,000 customers across 50 cities to order groceries from local stores and nearby malls through its voice-based interface.
It also supports local languages such as Hindi, Tamil, Malayalam, and English.
Security protocols
Customer data intact; start-up criticized for not paying employees
Despite the incident, Ravindran assured that customer data on the AWS cloud remained intact and was not accessed by any third parties.
He also said that the company has enough evidence to file a formal complaint with the police, but is still investigating.
The start-up has also been criticized for not paying its current employees in full after raising ₹100 million (roughly $1.2 million) in seed funding.
Twitter Post
Take a look at Ravindran's post
Clarifying the Recent Incident at @kirana_pro
— Deepak Ravindran 🇮🇳 (@deepakravindran) June 6, 2025
In light of recent events affecting our infrastructure, I want to take a moment to provide clarity and transparency regarding what occurred, the last few days have been hectic and stressful and firstly I would thank you for your…