The Hive ransomware-as-a-service group has claimed responsibility for a cyberattack that compromised Tata Power. The attack was disclosed by the company on October 14, and likely occurred on October 3. Since the attack, the Mumbai-based power company confirmed that all critical operational systems are functioning again. The leak reportedly affected several of Tata’s 12 million customers, including exposure of personally identifiable information such as national identity card numbers, tax account numbers, salary information, addresses, phone numbers, and more.
The ransomware company has leaked the stolen data, indicating that the group may have failed to convince Tata to pay ransom demands. However, even if the negotiation was successful it is possible that Hive released the data anyways. Paying ransomware demands is a risky move that may not always end in recovery of encrypted assets. There is still a chance that the ransomware group will take the payment and leak the data regardless.