Simplex Infrastructures Ltd., a major Indian engineering and construction company, has allegedly been hit by a significant data breach. A threat actor posted on a dark web forum claiming to have leaked approximately 33GB of sensitive data exfiltrated from the company’s systems. The company is known for its involvement in large-scale projects across transportation, energy, and real estate sectors in India and abroad. The attacker claims to have accessed files from the company’s mail and backup servers, with the breach allegedly occurring on Wednesday, July 23, 2025.
The leaked data dump appears to contain highly sensitive corporate and employee information. A sample shared by the threat actor suggests a significant exposure of personally identifiable information (PII). The contents of the leak allegedly include:
- Two large database backup files from the company’s backup server.
- A mail server database dump that includes 649 user credentials.
- A file containing Linux server credentials.
This breach could pose a severe risk to the company’s operational security, exposing internal communications, employee data, and potentially confidential project details.
