Piramal Group denies breach after hacker claims data theft
What's the story
A hacker has reportedly stolen data pertaining to thousands of current and former employees of the Indian multinational conglomerate, Piramal Group. The company, with a workforce comprising 10,000 employees from 21 nationalities in over 30 countries, is a major player in the pharma, financial, and real estate sectors. Last week, the hacker released a small portion of the purportedly stolen data on a recognized cybercrime forum which included full names and email addresses.
Information
Data believed to be legitimate
TechCrunch has obtained a larger sample of the alleged stolen data from the hacker. This sample contained over 10,000 entries. Some of these entries were cross-verified using a job listing portal and found to be related to current and former employees of Piramal Group.
Official statement
Piramal Group denies data theft allegations
Piramal Group's spokesperson, Mihir Mukherjee, refuted the data breach allegations in an emailed statement to TechCrunch. "After conducting a thorough investigation, we can confirm that there has been no data breach incident at Piramal Group," Mukherjee stated. He further mentioned their IT and cybersecurity teams found no evidence to support the claim of stolen information. Mukherjee stated, "the sample data does not include any Piramal information such as employee email IDs, and it appears to originate from a third-party platform."
Official response
Response to CERT-In inquiry
Piramal Group confirmed receiving an inquiry from India's computer emergency response team, CERT-In, regarding the alleged data breach. In response, Mukherjee stated, "After a thorough investigation, we confirmed [to] CERT-In that no such data breach incident has occurred on our systems, and no information is compromised." The company did not provide further details on how they determined that no data breach had occurred or whether they have the technical means to detect data exfiltration.