Indiabulls Group faced a ransomware attack in which some data was leaked, according to a cyber intelligence firm, while a group company said on Tuesday that the affected systems have been restored and the incident was being analysed to restrict such occurrences in the future.
The ransomware operator leaked some of the data owned by Indiabulls Housing Finance Ltd by way of a screenshot, Cyble said in a blog on Tuesday.
An Indiabulls Housing Finance Ltd spokesperson said all data pertaining to its customers are safe.
"CLOP ransomware operators allegedly struck Indiabulls Group, a well-established Indian conglomerate company," Cyble said.
As per the blog posted on Tuesday morning, the leaked data seems to be a warning by the ransomware operators to Indiabulls Group to accept their terms within 24 hours. Otherwise, CLOP operators tend to leak a large amount of the company's confidential data, it added.
The spokesperson said its digital risk monitoring service provider (CloudSec) informed the company on Monday that there was an attempt to penetrate its peripheral systems.
"The information being leaked by these threat actors is not sensitive in nature. All data and information pertaining to our customers are safe and securely placed.
"We have successfully restored all the affected systems through our encrypted data back-up storage. Each and every system is functioning and operating normally," the spokesperson said.
Cyble said its research team has identified and analysed the leaked documents.
"The current data leak includes snapshots of highly sensitive bank-related documents of the company such as account transaction details, vouchers, letters sent to bank managers, and much more," Cyble claimed.
A gateway of Indiabulls had a technical vulnerability, but Cyble said it could not verify whether the breach of Indiabulls' system had taken place due to the same vulnerability.
According to the spokesperson, the company is analysing the incident through cyber footprints to restrict future occurrences.
The company has already put in place stringent and rigid access management controls, considering cyber security against the backdrop of the ongoing COVID-19 pandemic, the spokesperson said.
"We have been keeping our users updated through cyber security advisories at all levels at frequent intervals," the spokesperson added.