Another researcher Rakesh Krishnan shared screenshots of the stolen data—which appears to include Tata Power employees’ personally identifiable information (PII), National ID (Aadhar) card numbers, PAN (tax account) numbers, salary information, etc.

Additionally, the data dump contains engineering drawings, financial and banking records as well as client information, suggests Krishnan.

Hive operators claim that they encrypted Tata Power’s data on October 3rd. 

On Friday, October 14th, Tata Power disclosed a cyber attack on its “IT infrastructure impacting some of its IT systems” in a stock filing without sharing additional information with regard to the whereabouts of the threat actor.

“The Company has taken steps to retrieve and restore the systems. All critical operational systems are functioning; however, as a measure of abundant precaution, restricted access and preventive checks have been put in place for employee and customer facing portals and touch points,” stated Tata Power’s filing, signed by company secretary H.M. Mistry at the time.

Threat actors like extortion and ransomware groups typically begin leaking or selling data stolen from breaching their targets should the target refuse to pay their ransom demand and subsequent negotiations fail.

Read On: