Data hacked from Tata Power servers leaked on dark web

A packet of important data reportedly hacked from Tata Power servers 10 days ago, was leaked on the dark web early Tuesday by Hive, a ransomware gang.

On October 14, Tata Power disclosed that its Information Technology infrastructure had been hit by a cyberattack and some of its systems were affected as a result of it. In a Bombay Stock Exchange filing, the Mumbai-headquartered company said all critical operational systems were functioning and it had “taken steps to retrieve and restore its systems.”

On Tuesday, Hive claimed responsibility for the cyberattack and began to release the hacked data on their dark web forum.

Just over a year old, Hive is among the top three ransomware threats according to cybersecurity experts. It is known to target sectors like energy, healthcare, financial services, media, and education together with other ransomware affiliates.

HT has seen samples of the leaked data, which included bank accounts of the company, bank statements as well as details of its employees including their remuneration and passport information. The leaked data also included details of the batteries used by Tata Power and diagrams of some of their grids.

A Tata Power spokesperson said that they did not have any comment to offer on the matter at this moment.

Cybersecurity experts who analysed the leaked data called it a “massive” and “serious” breach.

Philadelphia-based cybersecurity analyst Dominic Alvieri, said: “It appears as if every Tata bank account and October balance were released by Hive. Besides, a partial bank account list and Tata Power’s Excel spreadsheet for September, as well as employee passports, employee emails and various contracts are also included in the data.”

“We still are uncovering the extent of this data breach. However, the listing of stolen data suggests that details like Aadhar numbers, PAN numbers, salary details, address information, phone numbers etc as well as engineering drawings, financial and banking records, client records and private keys are included. Such incidents reiterate the importance for organizations knowing where their critical data is stored and ensure they are adequately monitored and protected by enforcing an effect data-centric zero-trust strategy,” said Maheswaran Shamugasundaram, country manager India, Varonis Systems, a NASDAQ-listed data security and analyst firm.

The global cybersecurity community has been tracking dark web chatter ever since Tata Power went public with its disclosure two weeks ago.

“The company has taken steps to retrieve and restore its systems. All critical operational systems are functioning. Restrictive access and preventive checks have been put in place for employees and customer facing portals and touch points,” Tata Power’s filing at the time stated.

Negotiations were reportedly underway between Hive and Tata Power for 10 days to retrieve the data. However, the talks reportedly broke down following which Hive started dumping the data on the dark web late on Monday night, US time, (around 6.30 am IST on Tuesday).

“The scale of the breach and the potential for exploitation of our citizen’s data is concerning. Vulnerabilities to critical infrastructure can be exploited to harm India by both State and non-State actors, especially from a social engineering standpoint. To prevent such exploits, organisations will need to embrace futuristic solutions that use artificial intelligence and machine learning to predict threats, like a nationwide cyber defence centre to monitor critical infrastructure 24X7,” said Harshil Doshi, country manager (India and SAARC), Securonix, a cyber security and threat detection firm.

“This is a massive and serious data breach and is also an indicator of the growing menace of ransomware attacks. Organisations should also be more careful about data confidentiality and not upload such sensitive data on cloud-based servers,” Mumbai-based cyber expert Ritesh Bhatia said.