In late May 2025, Bengaluru-based grocery-tech startup KiranaPro faced a crippling cyber incident. What initially seemed like a sophisticated external attack soon revealed itself to be something more alarming: an insider breach that led to a complete infrastructure wipeout.
In this blog, we break down what happened, who was behind it, how it unfolded — and how companies like yours can avoid becoming the next headline with proactive Cyber Risk Posture Management.
What Triggered the Crisis?
On May 25–26, 2025, KiranaPro’s internal team found itself locked out of:
AWS root account
Production EC2 instances
GitHub repositories
Everything, from the app’s backend code to infrastructure configurations, was erased. The app was live, but it couldn’t process a single order.
Impact:
55,000+ users affected across 50 cities
2,000 daily orders halted
Payment operations and user data disrupted
Developer codebase permanently lost
Initial Assumptions: An External Threat?
KiranaPro CEO Deepak Ravindran initially stated that the company had been hit by a coordinated cyberattack. Multi-factor authentication (MFA) was tampered with, and critical systems were destroyed, leading many to believe it was the work of external actors.
But the truth unraveled quickly…
The Reality: Insider Sabotage
A few days later, logs and security forensics pointed to something more human, and more devastating.
The attack originated from credentials still active in the hands of a former employee, Lava Kumar, who had administrative access to GitHub and AWS.
The access revocation process had failed.
The attacker walked through the front door.
And no one noticed, until it was too late.
Timeline Breakdown
As of June 10, 2025, KiranaPro CEO Deepak Ravindran has officially confirmed that the catastrophic outage was not the result of an external cyberattack but a deliberate act of insider sabotage.
The breach was traced back to a former employee whose access to critical systems like AWS and GitHub had not been revoked after their exit. This oversight allowed the individual to wipe out codebases, delete server logs, and paralyse the platform. However, Ravindran clarified that no customer data or PII was leaked or accessed during the breach.
In response, KiranaPro has revamped its internal security protocols, focusing on access control, real-time audit logging, and a stricter offboarding framework. Legal action is underway against the accused, and recovery efforts are progressing steadily as the company works to rebuild services and restore stakeholder confidence.
Fallout for KiranaPro
Revenue Freeze: App couldn’t process payments for days
Salaries Delayed: Team members faced income disruptions
Operational Shutdown: Orders stopped across all cities
Trust Gap: Users and investors were left in the dark
The cost of one misconfigured offboarding? Total operational paralysis.
The Bigger Picture: Why This Could Happen to Anyone
This wasn’t just a technical oversight—it was a cyber risk posture failure.
No continuous monitoring of admin credentials
No automated access revocation post offboarding
No alerts on critical system deletion or misuse
No centralized view of who could access what, and why
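The first, second and fourth gaps above reduce to one check: reconcile the list of people who have left against the credentials that still work. The sketch below is an added example, not KiranaPro's tooling or code from the original post. The HR feed, account names and dates are constructed, and the CSV uses a subset of the columns in an AWS IAM credential report.

```python
import csv
import io
from datetime import date

# Constructed sample data. The CSV uses a subset of the columns found in an
# AWS IAM credential report; the GitHub list mimics an org member export.
IAM_REPORT = """user,password_enabled,mfa_active,access_key_1_active,access_key_2_active
alice,true,true,false,false
former.dev,true,false,true,false
ci-bot,false,false,true,false
"""
GITHUB_MEMBERS = [
    {"login": "alice-gh", "role": "member"},
    {"login": "formerdev-gh", "role": "admin"},
]
# Hypothetical HR feed: one record per departed employee, with linked accounts.
OFFBOARDED = [
    {"name": "Former Dev", "exit": date(2025, 4, 30),
     "aws_user": "former.dev", "github_login": "formerdev-gh"},
]


def stale_access(iam_report, github_members, offboarded, today):
    """Return credentials still usable by people who have left."""
    iam = {r["user"]: r for r in csv.DictReader(io.StringIO(iam_report))}
    gh = {m["login"]: m for m in github_members}
    findings = []
    for person in offboarded:
        age = (today - person["exit"]).days
        row = iam.get(person["aws_user"])
        if row:
            # Any enabled console password or access key is a live credential.
            live = [c for c in ("password_enabled", "access_key_1_active",
                                "access_key_2_active") if row[c] == "true"]
            if live:
                findings.append({"system": "aws", "account": row["user"],
                                 "live": live, "days_since_exit": age,
                                 "mfa": row["mfa_active"] == "true"})
        member = gh.get(person["github_login"])
        if member:  # still in the org at all; the role shows the blast radius
            findings.append({"system": "github", "account": member["login"],
                             "live": [member["role"]], "days_since_exit": age,
                             "mfa": None})
    return findings


if __name__ == "__main__":
    for f in stale_access(IAM_REPORT, GITHUB_MEMBERS, OFFBOARDED, date(2025, 5, 25)):
        print(f)
```

Run on a schedule against fresh exports, any non-empty result is a revocation that did not happen and should page someone rather than sit in a report.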
Startups and growth-stage companies are especially vulnerable because they move fast and often sideline cyber hygiene for agility.
Why Insider Threats Deserve a CRQ Lens
The KiranaPro incident wasn’t just an operational failure or a tech misstep; it was a stark reminder of what happens when insider risk is both underestimated and unquantified.
It wasn’t ransomware. It wasn’t an external nation-state attack.
It was someone who once had a company email, a seat at the table, and access that was never revoked.
This is the face of modern cyber risk. Quiet. Intentional. And entirely preventable, if you’re looking in the right places.
And the global numbers? They don’t just support the concern, they amplify it.
The 2025 Global Picture
$17.4 million — That’s the average cost of an insider threat incident (Ponemon Institute, 2025)
24% — Of all cyber incidents globally now originate from insiders
63% — Of those insider-related breaches are fueled by malicious intent, not negligence
86 days — The average time it takes to even detect and contain an insider threat
3.8x — Organizations without access visibility and control are nearly 4x more likely to face losses above $10M
These aren’t isolated numbers. They’re signals, pointing to the new battleground: the inside.
Yet too many organisations still treat insider risk as an edge case, or worse, an IT problem.
But insider threats don’t just compromise data, they cripple investor confidence, derail business continuity, and in worst cases, bring growth-stage startups to a standstill.
This is why insider threats must be viewed through a Cyber Risk Quantification (CRQ) lens.
Because when you understand risk in business terms (impact, exposure, and cost), you don’t just see threats.
You see what they’ll cost you, how to prioritise them, and where to act first.
In today’s world, risk is no longer about possibility. It’s about visibility.
And the truth is:
You can’t secure what you don’t quantify.
And you can’t protect what you don’t see.