According to Wikipedia, in 2019, the group earned revenue of 250 billion rupees (A$4.8 billion). Its headquarters is in Gurgaon, which is about 30 km southwest of the Indian capital New Delhi, and it had 19,000 employees in 2019. Indiabulls has three operating divisions: Indiabulls Housing Finance, Indiabulls Ventures and Indiabulls Real Estate.
The attackers have released some financial data on the dark Web. iTWire has contacted Indiabulls for comment.
According to the US-based cyber threat intelligence firm Cyble, the data already released includes the following:
- Aadhaar cards (Indian identity cards), voter IDs, PAN cards (issued by Indian tax authorities), passports and driving licences of customers;
- Customer loan details along with the property address against which a given loan has been taken, present address of customers along with their personal email IDs and mobile numbers;
- Indiabulls employee data which includes employee name, employee user IDs, official e-mail IDs, operating branch, and mobile numbers;
- Private keys and certificates for facilitating ENet services from bank(s); and
- Letters sent to banks requesting to open new current accounts along with names of the Indiabulls account signatories.
The Indian financial news website livemint said Indiabulls had confirmed that it had suffered a "minor data breach" on 22 June involving non-sensitive information, adding that affected systems had been restored by 23 June.
livemint quoted a company spokesperson as saying: "Yesterday, our digital risk monitoring service provider, CloudSec, informed us that there has been an attempt to penetrate our peripheral systems.
"The information being leaked by these threat actors is not sensitive in nature. All data and information pertaining to our customers is safe and securely placed.
"We have successfully restored all the affected systems through our encrypted data back-up storage. Each and every system is functioning and operating normally."
Cyble claimed that the data was sensitive, saying in its blog post: "The current data leak includes snapshots of highly sensitive bank-related documents of the company such as account transaction details, vouchers, letters sent to bank managers, and much more. Below are a few snapshots leaked by the CLOP ransomware operators."
But the Indiabulls spokesperson denied this, telling livemint: "Presently, we are analysing the incident through cyber footprints to restrict future occurrences.
"We have already put in place stringent and rigid access management controls considering cyber security in the backdrop of the ongoing COVID-19 pandemic, and have implemented world class IT infrastructure tools and technologies to ensure cyber resilience and provide a robust business framework.
"We have been keeping our users updated through cyber security advisories at all levels at frequent intervals."