Pine Labs Faces Alleged Data Breach; 50,000 Unique Records Exposed

Noida-based fintech unicorn Pine Labs seems to be the latest victim of data breach in the Indian startup ecosystem. The IPO-bound merchant commerce platform has allegedly witnessed breach of more than 50,000 unique records that includes sensitive information such as contact details, name, email. 

The hack by BlackMatter ransomware has allegedly exposed Pine Labs’ service and other private agreements between multiple Indian banks/institutions and Pine Labs, multiple financial reports, among others. The total data size hacked amounted to 100 Gb. 

The hack was first reported by Cyble,  a global threat intelligence SaaS provider on August 11, 2021. However, Pine Labs has denied any such data breach. In a response to Inc42, Sanjeev Kumar, chief technology officer of Pine Labs said, “Pine Labs continues to be one of the most secure and compliant PCI-DSS platforms. We can confidently state that our systems continue to be fully secure and our production systems continue to operate as usual and all customer data is safe.”

Kumar however underlined that the data mentioned are some 2014 legal business contracts and the Pine Labs is investigating to see if any user laptop or server was the source of this information.

“Based on further analysis, we found that the data shared by the ransomware group contains their internal documents such as agreements with multiple institutions and other confidential information,” Cyble said on its website. In screenshots shared by Cyble on its website, data compromised included names, designation, department, email address obtained from internal documents of Pine Labs. 

Founded by Lokvir Kapoor, Pine Labs provides products and solutions for merchants, enabling them to accept offline and online retail payments. It claims that its cloud-based platform helps over 3.5 lakh point of sale terminals across 3,700 cities and towns in India and Malaysia.

Hackers hacking into companies and exposing sensitive information on the dark web in exchange for some ransom is a common practice. However, since the onset of the pandemic, the frequency of data breaches has increased at a significant rate, as more people continued to shift online. Earlier reports of IPO-bound Mobikwik surfaced that stated a potential data breach of over 100 Mn Indian MobiKwik users’. Independent cybersecurity researcher Rajshekhar Rajaharia earlier had reported records for 11 Cr MobiKwik users with 8.2 Tb of data were breached.

Major pizza chain Domino’s India reported having witnessed a data breach exposing the information of over 18 Cr orders. The sensitive information appeared on the dark web and the database was made public by the hacker or hacking group behind the leak. Indian sweets and snacks brand Haldiram’s faced a ransomware attack by unidentified hackers who demanded a ransom of $7, 50,000.

In 2020, Indian organisations paid somewhere between $1 Mn — $2.5 Mn to hackers to get back data from after cyberattacks. The report by US cyber tech firm CrowdStrike further revealed that 74% of Indian companies suffered a ransomware attack. 

Note: We at Inc42 take our ethics very seriously. More information about it can be found here.