Hacker Alleges Unauthorized Access to Piramal Group Employee Information

An individual claiming to engage in cybercrime has allegedly put up for sale the personal data of numerous past and present employees from the Indian multinational conglomerate, Piramal Group, which has business interests in pharmaceuticals, financial services, and real estate sectors.

This revelation came to light last week when TechCrunch reported spotting a posting by an anonymous cybercriminal on a notorious digital underworld forum, where a snippet of the purportedly pirated Piramal data was shown without specifying the price. This snippet reportedly contains individuals’ full names and their email details.

Such unauthorized access to private data could significantly aid cybercriminals in orchestrating targeted cyberthreats against company employees.

Boasting a global workforce of over 10,000 employees from 21 different nationalities and operating in more than 30 countries, Piramal Group has carved a niche for itself on the international stage, as highlighted by their website. Anchored in Mumbai, the corporation enjoys a wide-reaching brand recognition in over 100 markets worldwide. Its diverse operations span several subsidiaries including Piramal Enterprises in the non-banking financial sector, Piramal Pharma in pharmaceuticals, Piramal Healthcare in healthcare services, and Piramal Realty focusing on real estate.

TechCrunch also disclosed having accessed a more extensive set of the alleged Piramal data, with over 10,000 records. Through cross-referencing with an online job portal, TechCrunch could confirm that several entries corresponded to Piramal’s current and past workforce.

However, when TechCrunch approached Piramal Group with a subset of the disclosed data, the company refuted any breach of their systems. They proposed that the data might have been obtained from an external source.

“Following an in-depth review, we ascertain that Piramal Group has not been compromised in a data breach incident. Our cybersecurity and IT teams have meticulously audited our infrastructure, finding no substantiation for the allegations that such data resides on our servers. Moreover, the example data shared lacks any internal identifiers such as Piramal employee email addresses, suggesting it was acquired from an external entity,” Piramal spokesperson Mihir Mukherjee elaborated in a statement via email.

The spokesperson declined to specify which external platform could be the source. Furthermore, there was no elucidation on the methods Piramal employed to verify the absence of a data breach or if they possess the capabilities to detect unauthorized data removal.

Piramal also communicated to TechCrunch that India’s cybersecurity watchdog, CERT-In, had queried them about the purported data breach.

“Upon comprehensive scrutiny, we assured CERT-In that our systems had not been breached and assured that no data has been compromised,” said the spokesperson.