KiranaPro Data Loss Under Investigation: Internal Breach or External Hack?

Indian grocery delivery startup KiranaPro is investigating a significant data loss incident. The company's back-end servers became inaccessible, and data, including app code hosted on GitHub, was deleted.

KiranaPro CEO Deepak Ravindran initially blamed a former employee in a post on X (formerly Twitter). He stated the incident appeared to be an internal breach, not an external hack, and alleged the former employee intentionally deleted critical server logs.

However, Ravindran later admitted to TechCrunch that a full forensic investigation is needed. The company has not ruled out the possibility of an external hack or malicious misuse of the former employee's account, which remained active after their departure.

GitHub Response Points to Former Employee

Ravindran cited a GitHub response, which included the former employee's username, as the basis for his initial allegation. However, he acknowledged that further investigation is required.

“All we have is the emails that we got from GitHub, stating that [the former employee’s username] as an individual is the one who deleted the account. We haven’t done the investigation further,” Ravindran told TechCrunch.

Lack of Offboarding Procedures Raises Concerns

KiranaPro CTO Saurav Kumar confirmed that the company's employee offboarding process was inadequate due to the lack of a full-time HR department. This lapse allowed the former employee's access to critical systems to persist.

Data Restored, But Questions Remain

KiranaPro has since restored its GitHub data from a backup and regained access to its AWS account, which stores customer data and transaction details. While Ravindran claims the customer data remained untouched, questions remain about how the AWS account, protected by multi-factor authentication, was accessed.

The company is considering a formal police complaint, but the investigation is ongoing. This incident highlights the importance of robust security measures, particularly for startups, including thorough offboarding procedures and comprehensive data protection protocols.

KiranaPro, launched in late 2024, operates on the Indian government’s Open Network for Digital Commerce (ONDC). The startup serves over 55,000 customers in 50 cities, offering a voice-based interface for purchasing groceries from local shops and supermarkets.