‘Piramal Group’ Employee Information Stolen by BianLian Ransomware Gang Allegedly for Sale

• A hacker announced selling the Piramal Group data breach on a popular cybercrime forum.
• The 2023 cyberattack was claimed by BianLian Ransomware on the gang’s leak website.
• The published sample includes the full names and email addresses of employees.

A data breach containing the information of thousands of current and former employees of the Indian multinational company Piramal Group was recently listed on a popular cybercrime forum, TechCrunch reports. 

The hacker claims to be selling the data breach for an undisclosed amount, posting a sample that included full names and email addresses. TechCrunch obtained a larger sample of over 10,000 entries, and some of them concerned current and former employees.

BianLian Ransomware recently claimed Piramal as a victim, boasting of having stolen 870 GB of data, including financial, personal, project, and technical data, as well as accounting information of other companies.

The alleged Piramal Group cyber attack was reported by the ThreatMon Threat Intelligence team on June 28, 2023, and confirmed by threat intelligence service Falcon Feeds.

Piramal denied a data breach on its systems and suggested that the leak could be sourced from an unnamed third-party service, as the company said the sample data does not include employee email IDs or any Piramal information.

The Indian conglomerate that operates across pharma, financial services, and real estate has multiple subsidiaries, including a non-banking financial company, a pharmaceutical firm, a healthcare arm, and a real estate development arm.

Last month, the BianLian ransomware gang claimed to have data belonging to Northern Minerals. Some of the exfiltrated data, which also included sensitive employee details, was released on the Dark Web. The operators of the Browns Range mine in Western Australia confirmed the ransomware attack via an official statement. 

BianLian is a ransomware and data extortion group that has targeted organizations in several critical infrastructure sectors in the US since June 2022. They also attacked Australian critical infrastructure sectors, professional services, and property development.