Data breach in Pine Labs exposes 500,000 records

Pine Labs is a B2B fintech solutions company working with various financial institutions and merchants. About 500,000 records of Pine Labs including confidential client agreements, employee data, financial reports, and other internal documents were allegedly hacked by BlackMatter Ransomware Group according to Cyble Research Labs.

A sources said, Pine Labs is backed by Mastercard, which is expected to launch an IPO in 2022, last month secured $600 million in a round led by Fidelity Management and Research Company and new investor BlackRock.

The Cyble Research says, the group has been garnering considerable media attention because of this attack. On August 5, 2021, Cyble Research Labs published a detailed technical analysis of the BlackMatter ransomware group. Cyble also covered BlackMatter’s activities separately, whereinthe group was recruiting via cybercrime forums and seeking affiliates.

The attack came into the limelight after the BlackMatter ransomware group updated its victim list on its leak website on August 10, 2021. The impact of this attack is significant, as initial investigations indicate that the incident has affected multiple financial institutions using Pine Labs services across India.

The Noida-based company is “however investigating this to see if any user laptop or server was the source of this information,” as per a statement from CTO Sanjeev Kumar on the matter.

He further said, Pine Labs continues to be one of the most secured and compliant PCI-DSS platforms. We can confidently state that our systems continue to be fully secured and our production systems continue to operate as usual and all customer data is safe,” Kumar said in the statement.

There were thousands of screenshots of the data leaked were shared on Cyble’s website on August 11. BlackMatter Ransomware’s post showed 100GB of data was accessed, of which 500 MB worth of data had been shared as a sample. However, Pine Labs, denied the claims.