A cyber attack on Tata Power announced by the firm less than two weeks ago has been blamed on the Hive ransomware-as-a-service (RaaS) group.
According to reports, the incident took place on October 3, 2022. Additionally, as part of its double extortion scheme, the threat actor has also been detected leaking stolen data was exfiltrated before encrypting the network.
These are reportedly signed client contracts, agreements, and other sensitive data, including emails, addresses, phone numbers, passport numbers, and taxpayer information.
Tata Power stated in a filing with the National Stock Exchange (NSE) of India that “some of its IT systems” were impacted by an intrusion on the company’s IT infrastructure.
Security researcher Rakesh Krishnan provided additional information, revealing that the breach contained personally identifiable information (PII), including Aadhaar identity numbers, permanent account numbers (PAN), driver’s licenses, salary specifics, and engineering drawings.
The most recent development suggests that Tata Power declined to pay a ransom. Hence, the cybercriminal organization decided to post the stolen material on its HiveLeaks dark web blog instead.
Source: thehackernews.com, Ziroh Alert (#ZirohAlert)