Hive ransomware has claimed responsibility for the latest data breach on Tata Power, a leading Indian energy company, and has begun leaking stolen employee information.
Tata Power Hackers Leak Stolen Data
According to TechCrunch, India's largest power generation company disclosed on Oct. 14 that it had been the victim of a cyber attack. Malicious hackers targeted the company's information technology (IT) infrastructure.
"The company has taken steps to retrieve and restore the systems." "All critical operational systems are functioning," Tata Power stated at the time, but didn't confirm any detailed information about the intrusion or its impact.
Since the cyberattack was discovered, the company has limited access and implemented preventive measures for employees, customer portals, and other company touchpoints. The corporation also continued to operate while the affected systems were being restored.
According to the same TechCrunch report, the hacker group recently targeted the Costa Rican government and has already published stolen data from the country on its dark web leak site.
A report said Hive claimed to have encrypted the company's data on Oct. 3, implying Tata Power was aware of the breach two weeks before filing its initial report.
Contracts, financial and business documents, engineering projects, and employees' personally identifiable information (PII), including Aadhaar card numbers, were all stolen in the attack. Screenshots obtained by several sources also indicate that the leaked document contains engineering drawings, financial and banking records, and client information.
According to BleepingComputer, threat actors such as extortion and ransomware groups frequently start leaking or selling the data they have taken from their targets' systems if the target refuses to pay the ransom demand and subsequent negotiations are unsuccessful.
According to reports, the Hive ransomware gang has been operating since 2021. The group has also reportedly been targeting businesses with high downtime costs, such as healthcare providers, energy companies, and retailers.
A Look at Indian Cyber Security
It is unclear at this time whether Tata Power will be charged for failing to report the cyberattack within hours of its discovery. The Indian Computer Emergency Response Team (CERT-In) recommends that all enterprises be required to report any cyber incidents to CERT-In within six hours of becoming aware of the event.
According to the Internet Society, CERT-In is a government-appointed nodal agency tasked with performing cybersecurity-related functions. The agency has laid out instructions concerning information security practices, procedures, cybersecurity incident prevention, response, and reporting.
The average cost of a data breach in India is about US$2.12 million, according to a 2021 IBM survey. Meanwhile, the mean time to discover a data breach was 239 days, and the mean time to stop one was 81 days.
The adoption of AI, security analytics, and encryption were the top three mitigating factors shown to lower the cost of a breach, saving companies between $1.25 million and $1.49 million in comparison to those that did not use these tools to a significant extent.