Earlier this week, KiranaPro experienced a major data loss—described as its biggest yet. Initially, the company thought an external hacker was behind the breach. However, CEO Deepak Ravindran later revealed on X (formerly Twitter) that their internal investigation points to a different cause: a former employee, who had legitimate access, deliberately deleted critical company data, including the app’s source code from GitHub.
Key points from Ravindran’s statements and reports:
-
No external breach detected: The company’s ordering and payment systems were not compromised by outsiders, and no unauthorized external access was found.
-
Internal data breach: The data loss appears to be from an insider who erased important server logs during testing or editing, violating company policies and trust.
-
Access controls failure: KiranaPro admitted it did not revoke the ex-employee’s system access after their departure, leaving a gap that allowed potential misuse.
-
Forensic investigation underway: KiranaPro is conducting a full forensic review to understand the scope and impact of the data deletion.
-
Security improvements: The company has already strengthened multi-factor authentication, audit logs, access controls, and internal policies. Training on data governance and privileged access is being enhanced.
-
Legal action: KiranaPro is pursuing disciplinary and legal proceedings against the former employee responsible.
-
External hack not fully ruled out: While the company leans toward the insider explanation, it has decided against spending extensive resources on IP scans and deeper external hacking investigations.
-
Next steps: The company claims to have enough evidence (including GitHub responses) to file an official complaint but hasn’t disclosed exact legal moves yet.
About KiranaPro’s business:
-
Launched in December 2024, KiranaPro is integrated with India’s government-backed Open Network for Digital Commerce (ONDC).
-
It serves about 55,000 users, with 30,000–35,000 active buyers across 50 cities, handling around 2,000 orders daily.
-
The app stands out for its voice-enabled interface, supporting Hindi, Tamil, Malayalam, and English, allowing easy voice command-based ordering.
The CEO assures the app will be back within a few months with improved security to protect user data and company assets.
