Dr. Reddy’s Laboratories, one of India’s biggest drug companies, almost lost ₹2.16 crore in a shocking cyber attack when hackers got into an email conversation with one of its vendors.
The hackers pretended to be executives from Group Pharmaceuticals Ltd. and tricked Dr. Reddy’s finance team into sending money to a fake bank account.
The company’s quick action and cooperation with banks helped freeze the money, which stopped an actual loss.
This case is a stark reminder that cybersecurity risks in the pharmaceutical industry go beyond just stealing data; they can also affect financial operations.
Table of Contents
How the Fraud Happened
- Reports say that Group Pharmaceuticals, a company based in Bengaluru, regularly sent products to Dr. Reddy’s Laboratories (DRL).
- Hackers got into the email conversation between the two companies on November 3 and 4, 2025.
- They made a fake email address by changing the vendor’s official email address in a small way, like changing “kkeshav@grouppharma.in” to “KKeshav@Grouppharma.in.”
- The hackers used this fake ID to tell DRL to move ₹2.16 crore to a new “vendor account” in Bank of Baroda, which is in Vadodara, Gujarat.
- The DRL accounts team finished the transfer on November 4, 2025, because they thought the message was real.
- Not long after that, when the real vendor asked about the payment, DRL knew the email was fake and told its bank right away. The cybercrime police were told, and a report was made in Bengaluru.
Legal Action & Investigation
- On November 5, 2025, the Bengaluru City Cyber Crime Police Station took the case.
- The FIR lists violations under:
- Section 66(C) of the IT Act, 2000, which deals with identity theft
- Section 66(D) of the IT Act, 2000, talks about cheating by pretending to be someone else.
- Sections 318(4) and 319(2) of the Bharatiya Nyaya Sanhita (BNS) deal with cheating and impersonation.
- Investigators found the fake bank account in Vadodara, where some of the money was frozen. The cybercrime team is working with banks to find the people who did it and get the rest of the money back.
Dr. Reddy’s Official Response
- Dr. Reddy’s Laboratories confirmed the event in a statement, but they made it clear that there was no financial loss:
- “A fake email caused a payment to a vendor to go to the wrong place. The statement said, “However, because we were able to quickly find out about it and work with our banking partners, the funds have been frozen, and neither the company nor the vendor has lost any money.”
- The company also said that it has made its internal cybersecurity and payment verification processes stronger to stop things like this from happening again.
What This Means for the Pharma Industry
- Business Email Compromise (BEC) is a growing problem where hackers use social engineering and email spoofing to steal corporate payments.
- The pharmaceutical industry makes huge payments to vendors every day, so these kinds of scams can cost them money and hurt their reputation and trust.
- Important things for pharmaceutical and healthcare companies to remember:
- Always call or use a secure channel to confirm changes to bank information.
- Use two-factor authentication for business email accounts.
- Teach finance teams how to spot email addresses that look suspicious or requests for payment that seem urgent.
- To stop spoofing attacks, use spam filters and email encryption.
- In this case, even one mistake can cost crores or, even worse, ruin secret partnerships
Case Summary at a Glance
| Details | Information |
| Company | Dr. Reddy’s Laboratories Ltd |
| Vendor | Group Pharmaceuticals Ltd (Bengaluru) |
| Amount Involved | ₹2.16 crore |
| Incident Date | November 3–4, 2025 |
| Fraud Method | Email spoofing (Business Email Compromise) |
| Fraudulent Bank | Bank of Baroda, Vadodara |
| Police Station | Bengaluru City Cyber Crime Police |
| Outcome | Funds frozen; no net loss |
| Legal Sections | IT Act 66(C), 66(D); BNS 318(4), 319(2) |
Lessons for Pharma Companies
1. Don’t ever just use email for money instructions.
2. Make sure that all changes to payment details are confirmed verbally or in person.
3. Check outgoing payments every day to find problems early.
4. Instead of email, use secure vendor portals to send invoices.
5. Give your employees training on how to be aware of cybersecurity threats.
- Cybercriminals are now going after high-value Dr. Reddy’s pharma payments because the industry depends on vendor networks, which makes it a good target.
Conclusion: Cybersecurity Is the New Lifeline for Pharma
The Dr. Reddy’s Laboratories incident is a wake-up call for everyone in the pharmaceutical industry.
The company barely avoided a financial hit, but this shows how one fake email can shake up a billion-dollar business.Cyber hygiene is just as important as the quality of medicine in today’s digital-first world.
Pharmaceutical companies need to invest in digital vigilance to protect their people, partners, and profits as they use technology to grow.
Also Read Important Article: Who Is John Ternus? The Engineer Tipped to Be Apple’s Next CEO
