Alkem Labs cyber fraud: what ₹52 crore case shows (2025)

What Alkem disclosed, and why it matters

Alkem Laboratories has reported cyber fraud incidents that involved compromised business email accounts and fraudulent transfers from the company and its subsidiaries. The disclosures bring attention to Business Email Compromise (BEC) style attacks, where attackers impersonate senior executives or trusted counterparties to push finance teams into authorising payments. In Alkem’s case, the incidents span subsidiaries and different disclosure timelines, but share a common weak point: email-based financial instructions.

One reported episode describes a sophisticated BEC attempt that led to a remaining loss of ₹22.31 crore after partial recovery. Separately, the company also disclosed a ₹52 crore fraudulent transfer linked to compromised employee email IDs at a subsidiary. Alkem has said it has taken corrective steps and filed complaints with relevant authorities.

The BEC pattern: impersonation of a US subsidiary

As per reports cited in the provided material, one cyber fraud episode unfolded between October and November 2023. The attackers allegedly impersonated senior officials from Ascend Laboratories, described as Alkem’s US-based subsidiary, and used email conversations to convince the company to process a large payment.

The material says the cybercriminals compromised email accounts and used domain spoofing techniques. That combination can make fraudulent emails appear legitimate, especially when the attacker is able to insert themselves into an existing email thread or mimic internal communication patterns.

In this reported BEC case, a treasury manager was deceived into transferring funds to a fraudulent bank account. The incident underlines how BEC attacks often target the last mile of finance operations, where approvals and beneficiary details are exchanged over email.

Recovery and loss: ₹28.98 crore seized, ₹22.31 crore unrecovered

The reported sequence includes a partial recovery. The material states that US law enforcement managed to seize ₹28.98 crore, which was subsequently refunded to Alkem. However, the remaining ₹22.31 crore was lost.

This distinction is important for investors tracking the net financial impact. BEC cases can involve multiple transfers and multiple jurisdictions, and even when authorities intervene, recovery is not always complete.

Alkem reportedly informed authorities soon after the fraud came to light, and an investigation is described as ongoing to track the perpetrators.

Another disclosure: Enzene Biosciences email accounts accessed

Alkem has also disclosed a cyber security incident at Enzene Biosciences Ltd, described as a wholly-owned subsidiary. In a notification to stock exchanges, the company said there was unauthorised access to the business email accounts of some employees, which led to fraudulent financial transactions.

In this Enzene-related disclosure, Alkem said the total financial impact was being assessed at the time of the filing. The company also stated it had appointed independent external agencies to investigate the incident thoroughly.

The ₹52 crore fraudulent transfer and the board’s disclosure

Alkem Laboratories also reported a cyber security incident that resulted in a fraudulent transfer of around ₹52 crore. The company’s exchange filing said the business email IDs of certain employees were compromised at one of its subsidiaries.

According to the material, the board of directors decided at its meeting held on 12 January 2024 that the incident should be reported to stock exchanges “in the interest of transparency and as a matter of good governance.” The filing also stated the sum involved “did not cross the quantitative thresholds of materiality as per the Company’s Policy on Determination of Materiality of Events or Information.”

The company said it had taken necessary steps and filed complaints with relevant governmental and regulatory authorities.

What Alkem and Check Point said about the subsidiary gap

The provided text includes a joint statement attributed to Alkem Laboratories and Check Point Software Technologies. It said the breach involved fraudulent email IDs of select employees at a foreign subsidiary that was operating independently outside the corporate systems and, at the time, was not leveraging Check Point’s security solutions.

The same material notes Alkem’s partnership with Check Point Software Technologies in November 2023 to strengthen cybersecurity, while also highlighting that the affected subsidiary had not yet integrated the company’s security solutions at the time of the breach.

The joint statement also said that following the breach, Alkem engaged Check Point to extend the security infrastructure across Alkem subsidiaries, domestic and international, with focus on networks and email.

Key facts and figures at a glance

Stock move and investor context around the disclosure

The material also links market reaction to the broader news flow around Alkem. It says shares ended 7.5% down at ₹5,013 after testing a low of ₹4,659 intraday. It also states that Alkem had delivered more than 73% returns to investors in 2023, and that before that day’s fall the stock was net positive in 2024 with a little over 4% returns.

Separately, the text notes that on Monday, 15 January 2024, the stock fell in morning trades following the announcement that Alkem Labs had suffered a loss of ₹52 crore due to a cyber security incident.

Financial scale: revenue and profit context mentioned

The provided material includes exchange data for the quarter ended September 2023, stating operating revenue of ₹2,634.6 crore and net profit of ₹646.5 crore. While these figures do not quantify the ultimate financial impact across all incidents, they provide scale on how large a ₹52 crore transfer or a ₹22.31 crore loss is relative to the company’s quarterly numbers cited in the text.

Why these incidents are being tracked closely

The incidents described share a common operational theme: finance and treasury decisions triggered through compromised or spoofed email communications at subsidiaries. The text also highlights a governance angle, with the board deciding to disclose the ₹52 crore incident even while stating it did not cross the company’s stated quantitative materiality thresholds.

The mention that the affected foreign subsidiary was operating outside corporate systems, and not using the same security stack at the time, also points to a common risk for large groups: inconsistent controls across geographically spread subsidiaries.

Conclusion

Alkem’s disclosures describe email-led fraud incidents that include a ₹52 crore fraudulent transfer at a subsidiary, and a separate BEC case that left an unrecovered loss of ₹22.31 crore after ₹28.98 crore was seized and refunded. The company has said it reported matters to authorities, engaged independent external agencies, and extended cybersecurity protocols and solutions across subsidiaries. Further clarity is expected to depend on the findings of ongoing investigations and any additional company updates on assessed financial impact, particularly for the Enzene Biosciences incident.