On June 24, the personal details of the employees of the Indiabulls Group were leaked on the Web by ransomware attackers. As per Cyble, the US-based cyber security firm, Clop ransomware attackers had threatened to release sensitive data on June 23, if the Group did not pay up a certain ransom amount within 24 hours.
The leaked data includes sensitive personal details, such as names, addresses, phone numbers and scanned copies of Aadhaar cards, PAN cards, passports, driving licenses, and so on. It also includes present addresses of the customers along with their personal email IDs and mobile numbers, as well as property addresses against which people have taken loans.
The cyber criminals, who are seeking a ransom, claim that this 4.75 GB of data is only the first batch of sensitive data they have in their possession. They have threatened to leak a second batch unless they are paid the ransom.
Though it is not yet clear how the hack actually happened or how the breach occurred, it is suspected that the Indiabulls virtual private network (VPN) system was vulnerable.
Aware of the nature of Indiabulls' business, which spans housing and consumer finance and wealth management, and of the level of confidentiality involved in its transactions, the attackers used the ‘steal, lock/encrypt, inform’ approach, sharing their ransom demand via e-mail.
Earlier, however, Indiabulls had given assurances that the information the attackers were threatening to leak was not sensitive and that the data pertaining to its customers was safe.
Now, the Gurugram-headquartered Indian conglomerate is analysing the attack via “cyber footprints to restrict future occurrences”.