The Hive ransomware-as-a-service (RaaS) group has claimed responsibility for a cyber attack against Tata Power that was disclosed by the company less than two weeks ago.

The incident is said to have occurred on October 3, 2022. The threat actor has also been observed leaking stolen data exfiltrated prior to encrypting the network as part of its double extortion scheme.

This allegedly comprises signed client contracts, agreement documents, as well as other sensitive information such as emails, addresses, phone numbers, passport numbers, taxpayer data, among others.

The Mumbai-based firm, which is India’s largest integrated power company, is part of the Tata Group conglomerate.

Tata Power had previously disclosed in a filing with the National Stock Exchange (NSE) of India that an intrusion on the company’s IT infrastructure impacted “some of its IT systems.”

According to further details shared by security researcher Rakesh Krishnan, the leak contains personally identifiable information (PII), including Aadhaar identity numbers, permanent account numbers (PAN), drivers’ license, salary specifics, and engineering drawings.

The latest development is also indicative of the fact that Tata Power likely refused to pay a ransom, prompting the cybercrime gang to publish the siphoned data on its HiveLeaks dark web portal.

According to statistics published by Digital Shadows and Intel 471, Hive was the third-most prevalent ransomware family observed in Q3 2022, coming only behind LockBit 3.0 and Black Basta and surpassing the likes of AvosLocker, BlackByte, BlackCat, and Vice Society.