A while ago, one of India’s biggest energy companies – Tata Power – reported a cyber attack on its IT infrastructure. Now, it’s back in the spotlight as the Hive ransomware group is delivering on its threats. Yes, the threat actors have started leaking the harvested information for anyone to access.
Hive is one of the most dangerous ransomware groups in the world. It successfully infiltrated big companies such as Rompetrol and Emil Frey – to name a few.
The latest victim would be Tata Power. The company disclosed the breach at the beginning of October 2022 but apparently failed to meet Hive’s demands, which led to this leak. What data is out in the open? Was this a ransomware attack? Here’s what we know.
No to Ransomware – Tata Power’s Data Out in the Open
Data breaches are occurring regularly, especially this year as cybercriminals are out to make a name for themselves. Why? Well, when a group like Conti discontinues its operations, everyone wants to take the number 1 spot.
In Hive’s case, that’s not a difficult task as it’s already one of the most feared names in the cybersecurity universe. Unfortunately, Tata had to experience what this group is capable of the hard way.
Tata is huge not just in size but in revenue as well. It reported $5.3 billion in revenue during the most recent fiscal year, which explains why Hive had its eyes set on it.
The company disclosed the breach less than two weeks ago, and apparently, a ransom was demanded. So, we can assume that Tata Power has likely refused to pay a ransom.
As seen in the image above, the leak contains personally identifiable information. This includes Aadhaar identity numbers, salary specifics, engineering drawings, permanent account numbers (PAN), and driver’s licenses.
It doesn’t end here. The leak also exposes more information such as emails, addresses, phone numbers, passport numbers, and taxpayer data, among others.
Unfortunately, this shared data is highly sensitive, as it can be used in future attacks, especially those that involve phishing campaigns.
As we mentioned, Tata is a very big company, and a leak of that caliber can have a very big impact on the victims.
Tata Exposed – Who’s Next?
Hive is dangerous and we’ve seen what it can do on several occasions. According to research, the group was ranked the third-most prevalent ransomware family in Q3 2022.
Well, when LockBit 3.0 and Black Basta are around, being third is a privilege for Hive. However, it did surpass the likes of AvosLocker, BlackByte, BlackCat, and Vice Society, which are big names in their own right.
Tata has its hands full now, trying to come back from such an incident. We don’t know if the shared information is being used in further attacks, but having it out in the open like that might lead to some.