A cybersecurity breach at a U.S. subsidiary of Enzene Biosciences Ltd, a wholly-owned arm of Alkem Laboratories, has resulted in the fraudulent transfer of funds through compromised employee email accounts. The pharma giant has launched a full-scale investigation with external cybersecurity experts to assess the impact and source of the breach.
Pharma Major Faces Cyber Headwinds in the U.S.
Alkem Laboratories Ltd, one of India’s leading pharmaceutical manufacturers, confirmed on May 15 that its wholly-owned subsidiary, Enzene Biosciences Ltd, experienced a cybersecurity breach at its U.S.-based unit. The attack involved compromised business email accounts belonging to multiple employees, which were subsequently used to facilitate fraudulent fund transfers.
The company disclosed the incident through a regulatory filing with stock exchanges, raising serious concerns about the cyber resilience of pharma enterprises operating globally. While the exact amount siphoned off remains under investigation, Alkem assured that the breach was contained and that efforts are underway to assess its financial and operational impact.
“This breach has triggered immediate risk assessment protocols,” said a senior IT official familiar with incident response procedures in the pharma industry. “Email compromise often serves as the starting point for sophisticated financial fraud in corporate networks.”
Also Read: Attention Startups! Showcase Your Smart Policing Solutions on India’s Biggest Stage
The Breach and Its Fallout: A Timeline Emerges
According to early disclosures, the attack likely occurred through a targeted phishing campaign or credential theft, resulting in unauthorized access to internal communication channels. With key employee emails compromised, threat actors reportedly used impersonation tactics to orchestrate fund transfers, exploiting the trust inherent in internal financial workflows.
The extent of internal exposure is still being verified, but early indications suggest that the breach may have been limited to the U.S. subsidiary, sparing the Indian headquarters and other divisions. Alkem has engaged independent cybersecurity agencies to investigate the breach, identify the attackers’ digital footprint, and recommend long-term remediation measures.
Meanwhile, the boards of both Enzene and Alkem Laboratories have been briefed, and a formal report on the incident will follow. The company emphasized that it remains committed to transparency, regulatory compliance, and restoring trust across stakeholders.
A Wake-Up Call for the Pharma Sector
This incident highlights a troubling pattern in the pharmaceutical and healthcare industries, which have become increasingly frequent targets of cyber intrusions, ransomware attacks, and business email compromise (BEC) schemes. With sensitive R&D data, global financial transactions, and valuable IP at stake, pharma firms are often underprepared for advanced threat actors.
ALSO READ: FCRF Launches Campus Ambassador Program to Empower India’s Next-Gen Cyber Defenders
The Alkem-Enzene incident reinforces the urgent need for stronger cybersecurity governance, especially for Indian firms with international operations. Analysts warn that the rising complexity of cyber threats demands more than just IT patches—it calls for holistic digital risk management, real-time monitoring, employee training, and layered security architecture.
Although Alkem has not confirmed whether law enforcement or U.S. regulatory bodies have been notified, it is expected that the incident may come under scrutiny if any data privacy or cross-border financial laws were impacted. Stakeholders and investors await more details as the internal probe progresses.