What Happened
In December 2021, Aditya Birla Fashion and Retail Ltd (ABFRL), an Indian fashion retail giant, suffered a major data breach when the hacker group ShinyHunters gained unauthorized access to its e-commerce databases around December 1, compromising approximately 4.4 to 5.4 million customer and employee records. Exposed data included customer names, phone numbers, email addresses, physical addresses, dates of birth, purchase histories, and MD5-hashed passwords, alongside highly sensitive employee details such as salaries, marital status, gender, age, and religious affiliations, with around 700 GB of data—including invoices and website source code—publicly released online after failed ransom negotiations. ABFRL confirmed the incident, engaged forensic experts, notified authorities, reset customer passwords, enabled OTP authentication, and reported no operational impact, though hackers claimed ongoing vulnerabilities.
