Cyber Side Effects: Alkem Labs’ US Unit Suffers Email Breach and Fund Theft

Updated: May 15, 2025 19:34

Image Source: PR Newswire

Alkem Laboratories, a top drug maker, announced a major cybersecurity breach in its subsidiary Enzene Biosciences. The attack, which was directed against the US operations, led to the unauthorized access of employee business email accounts and a subsequent unauthorized transfer of funds. This attack highlights the potential of cyberattacks in the pharmaceutical industry and indicates the danger posed by business email compromise.

Incident Overview

Alkem Laboratories reported a cyber incident at Enzene Biosciences, its US subsidiary.
Unauthorized access to some employees' business email accounts made a fraudulent money transfer possible.

Facts about the Fraud

The cybercriminals posed as Alkem's US subsidiary officials and tricked Mumbai-based officials into transferring a big amount of money.
The money laundering transfer totaled ₹51.30 crore, of which ₹28.98 crore were subsequently seized by US authorities and returned to Alkem Labs.
The scam was carried out using advanced e-mail phishing and social engineering methods, leveraging trust within international offices.

Timeline and Discovery

The scam took place between October 27 and November 17, 2023, after a fake email dialogue between company officials.
The violation was detected when inconsistencies were observed in the process of transferring funds, which led to an internal audit followed by a police complaint.

Impact and Response

The case caused a net loss of around ₹22.31 crore for Alkem Labs following partial recovery.
Remedial actions have been taken by the company, such as enhancing its cybersecurity practices and reviewing in detail its IT infrastructure.
Law enforcement officials in India and the US are engaged in the ongoing probe.

Industry Context

This attack is just one of a broader wave of growing cyberattacks on pharmaceutical and healthcare organizations worldwide, with business email compromise schemes on the rise.

This incident emphasizes the importance of strong cybersecurity awareness and controls, particularly for organizations with global operations.

The investigation is ongoing, and more developments are expected as law enforcement bodies continue their activities.

Rediff Money, Hindustan Times, Data Breaches Digest

Stay Ahead – Explore Now! Escorts Kubota Sees Strong Tractor Sales Growth While Construction Equipment Sector Gears Up For Recovery