Aditya Birla 2021 Data Breach

Aditya Birla Fashion & Retail Breach (2021): 4.5 Million Indian Customer Records Including Income, Religion & Marital Status Exposed | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

ShinyHuntersMisconfigurationRetailEmail AddressFinancial ProfileFull NameGenderJob InformationPasswordPhone Number
Moderate SeverityWebsite / service breach

Aditya Birla Fashion & Retail Breach (2021): 4.5 Million Indian Customer Records Including Income, Religion & Marital Status Exposed

Aditya Birla Fashion & Retail - major Indian apparel and lifestyle brand.

Verified by ObscureIQ Intelligence
54/100Breach Risk Index
25Data Value
25Market Recency
453dSince Breach

Breach Intelligence Summary

Entity: Aditya Birla · Actor: ShinyHunters · Sources: 3 references
Attack: Misconfiguration
Profile: Company · Fashion retail and apparel commerce · Multi-brand fashion retailer · India
Timeline: Breach (2021-12-01) · Indexed (Jan 29, 2025) · Year (2021)
Exposure: 4.5M records · 12 fields: Email Address, Financial Profile, Full Name, Gender, Job Information, Password, Phone Number, Physical Address, Relationship Status, Religion, Salutation, Transaction History
Status: Reported

Executive Summary

Aditya Birla Fashion and Retail Ltd, the Indian fashion retailer that operates Pantaloons and a portfolio of premium apparel brands, was breached in December 2021 by the data-extortion group ShinyHunters. The attackers gained unauthorized access to the company's e-commerce database, exfiltrated roughly 700 GB of data, and demanded a ransom. ABFRL declined to pay, and the data was subsequently published on a hacking forum in January 2022.\n\nThe leaked corpus contained around 4.5 million customer records, with around 5.4 million unique email addresses across associated brand sites. Customer fields included names, salutations, phone numbers, physical addresses, gender, marital status, religion, income levels, job titles, purchase histories, and passwords stored as weak MD5 hashes. The dump also included employee records covering salary, marital status, and religion, alongside invoices, server logs, and portions of website source code. The threat actor claimed full payment-card data with CVV was also among the files, an assertion the company publicly disputed.\n\nFor affected customers, the practical risk extends beyond standard contact-fraud scenarios because of the unusual sensitivity of fields exposed. Religion and income data create profiling and discrimination risks specific to the Indian context. The MD5-hashed passwords are effectively crackable by modern standards, raising credential-stuffing risk wherever the same password was reused. Anyone who held a Pantaloons, Jaypore, or other ABFRL-brand account in 2021 should rotate passwords across services and treat unsolicited messages referencing past purchases or loyalty programs with caution.

ObscureIQ assessment: Exposure enables phishing, delivery scams, order fraud, and profiling based on retail behavior. Large brand portfolios also broaden the downstream targeting surface.

Breach Impact

ABFRL responded publicly to the 2021 breach, acknowledging the incident, resetting customer passwords, enabling OTP authentication, and engaging external forensic investigators. The company stated that there was no operational or business impact and denied that financially sensitive payment data had been compromised. Independent reporting and the threat actor itself contradicted parts of that account, with claims of credit-card and CVV data in the leaked dataset. There is no public record of formal regulatory action under the data-protection framework that existed at the time, but the breach contributed to broader Indian policy momentum on consumer data protection that culminated in the 2023 Digital Personal Data Protection Act.

About Aditya Birla

Aditya Birla Fashion and Retail Ltd, generally known by its abbreviation ABFRL, is one of India's largest fashion and lifestyle retailers and a subsidiary of the broader Aditya Birla Group. Headquartered in Mumbai, the company operates a portfolio of premium and mass-market apparel brands including Pantaloons, Louis Philippe, Van Heusen, Allen Solly, and Peter England, alongside the Jaypore.com online marketplace. As of late 2021, the company ran more than 3,200 company-owned stores and was present in roughly 26,000 multi-brand outlets across India. Its customer database spans both physical retail loyalty programs and direct e-commerce.

Why They Hold Your Data

Multi-brand fashion retailers collect customer identity, contact details, addresses, order history, payment-adjacent data, and loyalty or marketing-engagement records across retail operations.

Recent Developments

ABFRL has continued to operate and expand its retail and brand portfolio in the years since the 2021 breach. The company reset customer passwords and added one-time-passcode authentication after the incident. India's data-protection regime has matured significantly since 2021, with the Digital Personal Data Protection Act passed in 2023, which raises the regulatory expectations for any future incident at ABFRL or its peers. The company has not been publicly tied to a further large-scale breach disclosure since 2021. Public scrutiny of consumer-data practices in the Indian retail and e-commerce sector has increased steadily since the original incident.

Data Points Exposed

12 verified field types
Email Address
Financial Profile High
Full Name High
Gender
Job Information
Password Critical
Phone Number
Physical Address High
Relationship Status
Religion High
Salutation
Transaction History High

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:Critical
Primary downstream threats:
  • Credential stuffing against reused passwords across other platforms
  • Financial fraud using exposed financial profile data
  • SIM swap attacks where phone numbers are present
  • Targeted phishing campaigns using exposed email addresses
  • Doxxing risk from physical address exposure
  • Employment-based social engineering using job and employer data
Threat vectors:
  • Phishing, credential stuffing & account takeover
  • Loan fraud & targeted financial scams
  • Name-based social engineering
  • Profile enrichment
  • Vishing & authority impersonation
  • Credential stuffing & account takeover
  • SIM swapping, vishing & SMS phishing
  • Physical stalking, mail fraud & identity verification
  • Social engineering context
  • Romance & family emergency fraud
  • Targeted harassment & discrimination
  • Professional impersonation seeding
  • Lifestyle profiling & targeted fraud

Threat Actor: ShinyHunters

ShinyHunters
Misconfiguration

Attribution and method are based on available breach intelligence. Reported attack vector: Misconfiguration.

Recommended Actions

If you believe your information may be included:

Change Reused Passwords
Update this account and anywhere you reused the password; use a manager.
Password manager guide
Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Find 2FA settings
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
IdentityTheft.govReport to FTC

Frequently Asked Questions

What happened in the Aditya Birla breach?

Aditya Birla Fashion and Retail Ltd, the Indian fashion retailer that operates Pantaloons and a portfolio of premium apparel brands, was breached in December 2021 by the data-extortion group ShinyHunters. The attackers gained unauthorized access to the company's e-commerce database, exfiltrated…

What data was exposed?

Verified fields include Email Address, Financial Profile, Full Name, Gender, Job Information, Password, Phone Number, Physical Address, Relationship Status, Religion, Salutation, Transaction History.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
DataBreach.com
Record & field corroboration
Breach Index
Have I Been Pwned
Record & field corroboration
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation