wordpress blog stats
Connect with us

Hi, what are you looking for?

Aditya Birla Fashion and Retail Ltd faces data breach, company says investigation underway

Information on customers and employees were dumped online after negotiations with a hacker group broke down.

Aditya Birla Fashion and Retail Ltd (ABFRL) recently suffered a data breach that has exposed the data of both its customers and employees. Confirming the breach, an ABFRL spokesperson said that it was investigating the unauthorised access to customer data.

ABFRL is a subsidiary of the Aditya Birla group, with outlets such as Pantaloons and brands such as Peter England and Louis Philippe listed under it.

The database was reportedly hacked by a group called ShinyHunters and its details were uploaded on an underground website. According to HaveIBeenPwned, a website which tracks and provides information on database leaks, details of around 5.4 million email addresses associated with ABFRL were dumped on the underground website. These details, according to the website, include —

  • Personal customer information such as name, phone number, physical addresses, DoBs, and order histories
  • Employee information such as salary grades, marital status, and religion.

Such instances leading to personal data being sold on the dark web are increasing with every year, while India’s Data Protection Bill is still to take effect. Without a data protection authority (as proposed by the bill), there is regulatory ambiguity in terms of who should respond to and investigate such breaches.

We have engaged experts to carry out an investigation: ABFRL

MediaNama reached out to ABFRL with specific queries on whether affected customers have been or will be notified. Without providing a specific answer, the retail wing of the Aditya Birla group said that it has engaged forensic security experts to carry out an investigation into the “unauthorised access to its e-commerce database”. It also said that the authorities have been intimated.

“There has been no operational or business impact. As a pro-active measure, the company has reset passwords of all customers and enabled OTP based authentication and taken further steps to secure access to customer and employee information.” — ABFRL spokesperson

Negotiations for money failed: ShinyHunters

On the underground website, ShinyHackers said that they had tried negotiating with ABFRL regarding the data leak.

Advertisement. Scroll to continue reading.

“We tried to get in touch with ABFRL. They sent a negotiator but he was just stalling (the offer was more than reasonable for a “US$ 45-Billion conglomerate”). So we decided to leak everything for you guys including their famous divisions such as Pantaloons.com or Jaypore.com),” it wrote in the forum.

Work-from-home scenario may have played a part in the breach

Speaking to MediaNama, cybersecurity researcher Rajshekhar Rajaharia opined that the current work-from-home scenario may have played a part in the ABFRL data breach. He explained, “Issued crop up when people work from home. Some computers won’t even have firewall.”

Secondly he said, another big problem is that of people keeping passwords to their personal and professional emails, the same.

“Passwords should be separate so that even if one’s personal email gets compromised, the professional email will not be affected. Now assume if a company’s server admin’s personal email address gets compromised, and his or her password for the professional email is also same as that of the personal email. Now his professional email will get compromised, and server admins since they have total server credentials may then lead to compromise of the server,” he said.


Get our white paper on the Data Protection Bill 2021 in your inbox

We may also reach out occasionally with our coverage of the Data Protection Bill and more.
By filling out this form, you agree to receive a copy of MediaNama's white paper and further information about MediaNama's work and services.


Advertisement. Scroll to continue reading.

Also Read:

Update, January 17, 11.25 pm: Removed a section which claimed to describe ShinyHunter’s previous hacking exploits

Have something to add? Subscribe to MediaNama here and post your comment. 

Written By

Among other subjects, I cover the increasing usage of emerging technologies, especially for surveillance in India

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



Looking at the definition of health data, it is difficult to verify whether health IDs are covered by the Bill.


The accession to the Convention brings many advantages, but it could complicate the Brazilian stance at the BRICS and UN levels.


In light of the state's emerging digital healthcare apparatus, how does Clause 12 alter the consent and purpose limitation model?


The collective implication of leaving out ‘proportionality’ from Clause 12 is to provide very wide discretionary powers to the state.


The latest draft is also problematic for companies or service providers that have nothing to with children's data.

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ