Drugmaker Lupin said an “information security incident” had affected its “peripheral systems”. The incident comes barely a fortnight after Dr Reddy’s Laboratories reported a cyber attack and isolated its data centre services.
“We have recently experienced an information security incident that has affected several of our internal IT systems. This has not impacted our core systems and operations,” Lupin said. “The incident is being investigated and a thorough impact assessment is ongoing. Restoration of the impacted systems is a priority and is under way,” the company added.
Lupin Chief Executive Officer Vinita Gupta told BusinessLine that cyber security was becoming important as companies across the world face similar issues. At Lupin, they had taken risk management coverage for such issues. The important thing was that it had been addressed and the company hoped to come out of it, she said.
Ramesh Swaminathan, Lupin’s Chief Financial Officer, said they had worked with consultants PwC to be prepared and manage such security operations in India. The “unfortunate” incident had impacted peripheral systems, but not the core systems, he clarified.
East European origin?
Corrective action has been taken and investigations are on, he said, indicating that the cyber attack appeared to come from the East European region. While it was difficult to pinpoint the source just yet, the company was taking all steps to be prepared, he added.
The Mumbai-based drugmaker, late on Wednesday, announced its results for the three months ended September 30, where it clocked total revenues of ₹3,835 crore and profit after tax of ₹213 crore.
Linked to research?
The “security incident” assumes significance given the recent cyber attack reports from the US that were said to be linked to research facilities involved in developing vaccines against Covid-19.
The Dr Reddy’s cyber attack also raised some red flags, as the Hyderabad-based company had signed an alliance for trials on Russia’s Sputnik V vaccine in India.
No further insight was available at this point on whether the cyber attack was linked to the company’s business, whether it was a coincidence or part of a concerted effort against the Indian pharma industry.