Date: 2022-10-26

Mumbai: Important employee data, reportedly hacked from Tata Power servers 10 days ago, was leaked on the dark web early Tuesday. The Hive ransomware group has claimed responsibility for the recent cyberattack and data leak on Tata Power.

Tata Power, which serves more than 12 million customers through its distributors, confirmed on October 14 that it had been hit by a cyberattack that impacted some of its IT systems. “The company has taken steps to retrieve and restore the systems. All critical operational systems are functioning,” Tata Power said at the time, but it did not confirm any specific details about the attack and its impact.

As per media reports, the data stolen and leaked includes sensitive employee information, such as Aadhaar national identity card numbers, tax account numbers, salary information, home addresses and phone numbers. The leaked data, which was posted to Hive’s dark web leak site on October 24, also includes engineering drawings, financial and banking records, client records and some private keys. The listing of stolen data suggests any negotiations to pay a ransom failed.

Hive's inception and previous cases

The Hive ransomware gang has been active since mid-2021. According to cybersecurity experts, Hive is among the top three ransomware threats. The gang and its affiliates started targeting organizations that experienced high downtime costs, such as healthcare providers, energy providers and retailers. The group is known for its aggressive tactics and has been observed using methods such as “triple extortion,” whereby the attackers seek money not only from the organization that was first targeted but also from anyone who might be impacted by the disclosure of that organization’s data.

Hive, the ransomware gang that recently hit the Costa Rican government, this week listed Tata Power on its dark web leak site, which it uses to publicize attacks and stolen data.

The attack on Tata Power is the latest in a series of attacks carried out by Hive. Last month, the group claimed an attack on the New York Racing Association just a few days after leaking data stolen from Bell Canada-owned subsidiary Bell Technical Solutions.