Enzene Biosciences, a biotech subsidiary of Indian pharmaceutical firm Alkem Laboratories, experienced a cybersecurity breach affecting its U.S. operations. The incident involved the infiltration of the company’s systems, leading to the compromise of **employees' business email accounts**. These compromised accounts were subsequently exploited to facilitate **fraudulent fund transfers**, though the full extent of the financial loss remains undisclosed as investigations are ongoing.Alkem Laboratories publicly acknowledged the breach in a regulatory filing to the **Bombay Stock Exchange (BSE) and National Stock Exchange (NSE)**, emphasizing transparency and governance. The company’s Board of Directors mandated reporting the incident to stock exchanges, signaling the severity of the event. While no explicit mention of **customer data leaks** or **operational disruptions** (e.g., factory shutdowns) was made, the breach’s focus on **employee credentials and financial fraud** suggests a targeted attack with **internal data exposure risks**.The incident aligns with a rising trend of cyberattacks in the **pharmaceutical sector**, where sensitive intellectual property, financial transactions, and employee data are prime targets. Alkem’s proactive disclosure underscores the reputational and financial stakes, though the long-term impact on operations or regulatory penalties remains unclear pending further investigation.
Source: https://www.scworld.com/brief/cyberattack-compromises-enzene-biosciences-funds
Enzene Biosciences Ltd cybersecurity rating report: https://www.rankiteo.com/company/enzene
"id": "ENZ49103849112625",
"linkid": "enzene",
"type": "Cyber Attack",
"date": "5/2025",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'industry': 'Biotechnology / Pharmaceutical',
'location': 'United States (U.S. operations)',
'name': 'Enzene Biosciences',
'type': 'Subsidiary'},
{'industry': 'Pharmaceutical',
'location': 'India (Multinational)',
'name': 'Alkem Laboratories',
'type': 'Parent Company'}],
'attack_vector': 'Email Account Compromise',
'data_breach': {'sensitivity_of_data': 'Moderate (business emails potentially '
'containing sensitive corporate '
'information)',
'type_of_data_compromised': ['Business Email Communications']},
'description': 'Enzene Biosciences, the biotech subsidiary of Indian '
'multinational pharmaceutical firm Alkem Laboratories, '
'experienced a cybersecurity incident affecting its U.S. '
'operations. The infiltration led to the compromise of some '
"employees' business email accounts, which were subsequently "
'used to facilitate fraudulent fund transfers. The '
'investigation into the full extent of the incident is '
'ongoing. Alkem Laboratories emphasized transparency and good '
'governance by reporting the incident to the Bombay Stock '
'Exchange and the National Stock Exchange.',
'impact': {'brand_reputation_impact': 'Potential (due to public disclosure '
'and transparency measures)',
'data_compromised': ['Business Email Accounts'],
'systems_affected': ['Email Systems']},
'initial_access_broker': {'high_value_targets': ['Employee Business Email '
'Accounts']},
'investigation_status': 'Ongoing',
'motivation': 'Financial Gain (Fraudulent Fund Transfers)',
'references': [{'source': 'The Cyber Express'},
{'source': 'Bombay Stock Exchange (BSE) / National Stock '
'Exchange (NSE) - Alkem Laboratories Statement'}],
'regulatory_compliance': {'regulatory_notifications': ['Bombay Stock Exchange',
'National Stock '
'Exchange']},
'response': {'communication_strategy': 'Public disclosure to stock exchanges '
'(Bombay Stock Exchange and National '
'Stock Exchange) as a transparency and '
'governance measure.',
'incident_response_plan_activated': True},
'stakeholder_advisories': 'Disclosure to stock exchanges (BSE and NSE) as per '
'board decision for transparency and governance.',
'title': 'Cybersecurity Incident at Enzene Biosciences (Subsidiary of Alkem '
'Laboratories)',
'type': 'Cyber Intrusion / Business Email Compromise (BEC) / Fraudulent Fund '
'Transfer'}