Page Loader
Summarize
Piramal Group denies breach after hacker claims data theft
Piramal Group's workforce comprises nearly 10,000 employees

Piramal Group denies breach after hacker claims data theft

Jul 25, 2024
06:12 pm

What's the story

A hacker has reportedly stolen data pertaining to thousands of current and former employees of the Indian multinational conglomerate, Piramal Group. The company, with a workforce comprising 10,000 employees from 21 nationalities in over 30 countries, is a major player in the pharma, financial, and real estate sectors. Last week, the hacker released a small portion of the purportedly stolen data on a recognized cybercrime forum which included full names and email addresses.

Information

Data believed to be legitimate

TechCrunch has obtained a larger sample of the alleged stolen data from the hacker. This sample contained over 10,000 entries. Some of these entries were cross-verified using a job listing portal and found to be related to current and former employees of Piramal Group.

Official statement

Piramal Group denies data theft allegations

Piramal Group's spokesperson, Mihir Mukherjee, refuted the data breach allegations in an emailed statement to TechCrunch. "After conducting a thorough investigation, we can confirm that there has been no data breach incident at Piramal Group," Mukherjee stated. He further mentioned their IT and cybersecurity teams found no evidence to support the claim of stolen information. Mukherjee stated, "the sample data does not include any Piramal information such as employee email IDs, and it appears to originate from a third-party platform."

Official response

Response to CERT-In inquiry

Piramal Group confirmed receiving an inquiry from India's computer emergency response team, CERT-In, regarding the alleged data breach. In response, Mukherjee stated, "After a thorough investigation, we confirmed [to] CERT-In that no such data breach incident has occurred on our systems, and no information is compromised." The company did not provide further details on how they determined that no data breach had occurred or whether they have the technical means to detect data exfiltration.