Tata Power, a subsidiary of the Tata Group, has been attacked by the Hive ransomware gang, as claimed by the group itself. Hive operators are currently in the process of leaking data stolen in the breach, a possible sign that ransom negotiations have broken down.
Cybersecurity researcher Dominic Alvieri tweeted about the attack while sharing a screenshot of a Tata Power listing on the HiveLeaks website.
According to researcher Rakesh Krishnan, the leaked data includes employees’ personally identifiable information, including Aadhaar and PAN numbers and salary information, among other things. The data dump also includes engineering drawings, client records, and financial and banking records for the company.
Hive claims that they hacked the company on October 3. Tata Power disclosed the attack on October 14 in a stock filing stating it suffered a “cyber attack on its IT infrastructure impacting some of its IT systems”; however, it did not share any information regarding the threat actors or the nature of the attack.
According to the filing, the company is currently working to regain control and restore the systems. Tata also gave assurance that all critical operational systems are functioning as usual; however, “as a measure of abundant precaution”, access has been restricted and preventive checks are being carried out for employee and customer-facing portals as well as other possible points of entry.
Hive is known to be more active and aggressive than most ransomware gangs and employs a rather wide range of tactics and procedures, as stated by the FBI earlier this year. The group previously claimed an attack on the New York Racing Association in September this year, as well as the attack on the Memorial Health System last year, which resulted in surgery and operation cancellations as well as patient data theft.