Reports have emerged recently about a B2B fintech solutions firm, Pine Labs, suspected exposure to cyber hacking, which has been said to compromise over 500,000 confidential records, including the firm’s employee data, financial statements, client contracts, and many other internal sensitive documentations.
Pine Labs, however, denies the alleged claims.
As stated by cybercrime experts, the suspected threat actor of this alleged attack is no other than the BlackMatter Ransomware Group.
As also shared by the Cyble Research Labs’ website last August 11 are some screenshots about the said attack and data exposure coming from the post made by BlackMatter themselves. They presented a 500MB data sample of the compromised data against Pine Labs out of the over 100GB that they have managed to allegedly access:
The data breach
As for the suspected breached data, it includes internal agreements and different sales invoices coming from Indian banks and financial firms and private data of employees like their names, email addresses, company ID, and more.
This data breach issue of Pine Labs has emerged right after the ransomware group, BlackMatter, have posted their updated list of victims from their leak website last August 10 this year. The attack is implied to be a significant concern against Pine Labs due to its business and service transactions with multiple financial firms all across India.
However, the fintech solutions firm still holds strong to their declaration that the data breach allegations were baseless and claims that their company is secured and a highly compliant PCI-DSS platform. As stated by Sanjeev Kumar, the Chief Technology Officer of Pine Labs, they are confident about their firm’s security, and their production systems are still continually operating.
There were reports that the said data breach issue could also be from the end of Pine Labs, specifically with the possibility that the leak could have come from a direct client system or even from an insider employee. Even though these scenarios are not yet proven, a thorough survey is highly recommended considering the weight of the data breach issue.