Indian sweets and snacks giant Haldiram’s was hit by a cyberattack. Details about the attack only emerged last week when local police lodged a first information report (FIR). Police did this two months after the initial report of the attack to them from Haldiram. Meanwhile, Mr. Aziz Khan, DGM IT at Haldiram’s Snacks Pvt Ltd, has confirmed that all data has been restored from backups.
Crucial Data Stolen
On the night of 12 July this year, major Indian food manufacturer Haldiram’s suffered a ransomware attack. The IT department first received notice that some of the dispatch orders had been held up. Following further investigations, Haldiram’s IT department found that all the company’s servers had been hacked.
The leaked data included highly sensitive information, such as financial and employee information, as well as sales, purchases and inventory data. The hackers left a message on all affected servers. They demanded 0.75 million rupees ($10,250) for decrypting the data, granting back access, and to delete the data from their end. To put this amount into perspective: the average salary for a well-paid software engineer in Kolkata is approximately $800 per month.
Haldiram’s not only manufactures Indian sweets and snacks in various locations. They also have their own chain of retail stores. As well as restaurants in Nagpur, Kolkata, Noida and Delhi. The US was the first market Haldiram’s started exporting to, thanks to its large Indian population.
FIR Filed Two Months After Initial Report
Haldiram’s filed a report with the police just days after the attack, on 17 July. However, it took two months before a FIR was lodged by the police’s cyber cell. In the interim, Haldiram’s hired a private analyst to investigate the issue. According to the police, they only lodged the FIR mid-October, once they had received more details about the attack in the first week of October.
In the meanwhile, Haldiram’s solved the issue internally and managed to restore all its systems from backups. This means that Haldiram’s must have kept offline backups, which were held separately from the compromised systems. It is not known if any of the stolen data was made available for sale on the dark web or leaked to other parties.
Cybersecurity incidents are also on the rise in India. The Indian Computer Emergency Response Team (CERT-In) reported 49,455 cybersecurity incidents in the year 2015, 50,362 in 2016 and 53,117 in 2017. This quickly jumped to 208,456 in 2018, 394,499 in 2019 and 696,938 in 2020 (2020 data only covered the period up to August).