Indian grocery delivery startup KiranaPro’s recent data loss story has more holes than Swiss cheese, as the startup remains unclear whether the incident was an internal breach or an external hack.

Last week, the Bengaluru-based startup discovered that it could not access its back-end servers and that all its data, including its app code, had been deleted from GitHub. The startup on Friday blamed a former employee for the breach. However, in an interview, KiranaPro co-founder and CEO Deepak Ravindran conceded that the company had not deactivated the employee’s account after they departed the company and cannot rule out the possibility of subsequent malicious misuse of their account.

“If we go deeper, we have to do a real forensic investigation. We are going to talk [about] this with our board, the investors, and we are going to get a formal opinion on that also with our legal advisers,” Ravindran told TechCrunch.

Earlier on Friday, Ravindran claimed in a post on X that the incident that affected its data was an internal breach.

“After careful investigation, we conclude that this was not a hack. No external party penetrated our ordering or payment systems, exploited vulnerabilities, or bypassed security protocols,” he wrote.

The co-founder also explicitly shared a screenshot of a LinkedIn profile of one of KiranaPro’s former employees on X on Thursday, alleging that they had deleted the startup’s code. (TechCrunch is not sharing the post’s link, as the startup has yet to offer concrete proof supporting its position.)