Aditya Birla Fashion and Retail Ltd. (ABFRL) Hacked, Data Leaked

Aditya Birla Fashion and Retail Ltd. (ABFRL) is a large conglomerate retail outlet with 3,212 retail stores throughout India and over 22,000 employees. It is a subsidiary of the Aditya Birla Group, which spans numerous sectors and has annual revenues of $45 Billion.

^{_{Aditya Birla Fashion & Retail Logo}}

On January 11, 2022 famous, due to previous loud cases, ShinyHunters hacking group has published on underground forum data concerning ABFRL.

In their supporting message hackers say: “We tried to get in touch with ABFRL. They sent a negotiator but he was just stalling (the offer was more than reasonable for a “US$ 45-Billion conglomerate”).
So we decided to leak everything for you guys including their famous divisions such as Pantaloons.com (https://facebook.com/pantaloons) or Jaypore.com (https://facebook.com/jaypore).”

Kaduu team acquired leaked files, size of which is already impressive: almost 200GB. We believe this data is truly taken from ABFRL, however company does not give an official statement.

Among the files we have found:

SQL databases concerning Jaypore.com, Limesurvey.org, Pantaloons.com, Flamingomom,
Exhaustive list of employees,
Allegedly Atos-made security reports.

Sensitive data of employees include:

PoornataID, HRStatus, PositionNumber, PositionTitle, HireDate, NameDisplay, NamePrefix, FirstName, MiddleName, LastName, BirthDate, BirthCountry, MaritialStatus, Gender, City, State, Postal, Emailid, ABGExperience, Age, Company, Business, BusinessUnit, Department, Location, JobBand, Designation, ReportsTo, SupervisorId, FunctionCd, FunctionDescription, SubFunction, SalaryGrade, HolidaySchedule, ManagerId, ManagerName, ManagerDesignation, ConfirmationDate, CostCentre, Religion, LastPromotionDate, Phone, Extension, Cadre, ManagerEmailId

According to DataBreaches.net “ShinyHunters informed that although they acquired customers’ credit card data with expiration date and CVV — and that ABFRL Pantaloons knows that ShinyHunters is in possession of such data, the firm has allegedly not informed customers about the breach of card data. If they have notified employees and customers privately of the data breach and exfiltration of data, DataBreaches.net has seen no proof of that as yet.”

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.