A major cybersecurity breach at Agarwal Packers and Movers Ltd (APML) has compromised sensitive personal data of high-profile clients, including senior government officials. The breach, which surfaced on June 1, has triggered concerns not only about corporate data security but also potential national security implications. Police have registered an FIR, and an investigation is now underway.
FCRF x CERT-In Roll Out National Cyber Crisis Management Course to Prepare India’s Digital Defenders
In what could be one of the most sensitive data breaches in recent times, Agarwal Packers and Movers Ltd (APML), a prominent logistics firm headquartered in Sector 60, Noida, has reported the theft of confidential customer data, including addresses and phone numbers of high-ranking government clients. The breach was discovered on June 1, after multiple clients, including senior bureaucrats, diplomats, and defence personnel, began receiving suspicious, highly targeted phone calls.
The complainant, Jaswinder Singh Ahluwalia, Group President and CEO of APML, said in the police FIR that the nature of the calls strongly indicated that the callers had access to specific customer queries and records related to upcoming relocations. He warned that this is not merely a corporate data leak. It affects public trust, individual privacy, and potentially national security.
An internal technical audit launched by the company revealed signs of unauthorised cyber intrusion, confirming fears of a breach. The audit suggested possible collusion between internal employees and external cybercriminals. While the scale of the breach remains under investigation, the gravity is undeniable: the firm caters to India’s elite, making the stolen data a potential goldmine for malicious actors.
Algoritha: The Most Trusted Name in BFSI Investigations and DFIR Services
FIR Registered, Digital Forensics Underway
Following the complaint, an FIR was filed at the Sector 36 Cyber Crime Police Station under Sections 318(4) and 319(2) of the Bharatiya Nyaya Sanhita, along with Sections 66C (identity theft) and 66D (impersonation via computer resource) of the Information Technology Act. Cyber SHO Ranjeet Singh stated that they have received a detailed complaint along with supporting technical evidence. Their cyber unit is currently analyzing internal server logs, firewall activity, and access trails. The case is being treated with utmost priority due to the nature of the clientele affected.
The breach has prompted calls for stronger cybersecurity protocols within private firms that service sensitive sectors. While APML has yet to disclose how many individuals were affected, its internal records reportedly include relocation data for top-tier clients, including judges, intelligence officers, and foreign dignitaries.
What This Means for India’s Cybersecurity Landscape
This incident brings to light growing vulnerabilities in India’s private sector cybersecurity ecosystem. Experts have long warned that sectors such as logistics, travel, and healthcare, which handle deeply personal data, often lack the layered digital security that banks or fintech firms deploy. Cybersecurity consultant Ritesh Bhatia notes that if the data of high-level officials can be stolen from a logistics database, it can be used to orchestrate phishing attacks, impersonation scams, or even surveillance, and that puts the national interest at risk.