HDFC Life reports data leak, begins investigation with security experts

HDFC Life on Monday reported an incident of a data leak and has initiated a detailed investigation in consultation with information security experts to assess the root cause and take necessary remedial action, the company stated in an exchange filing.

 

“We wish to inform that we have received communication from an unknown source, who has shared certain data fields of our customers with us, with mala fide intent,” the company said, adding that it will continue to investigate the matter further to assess the potential impact. The disclosure was made as a matter of good governance.

 

“We will take utmost care to handle the concerns of our customers and take actions to safeguard their interests,” HDFC Life stated.

 

Previously, Star Health and Allied Insurance had to launch a forensic investigation, led by independent cybersecurity experts, into a cyberattack it was subjected to. The data breach at Star Health’s servers reportedly put sensitive data of 31 million customers—amounting to an estimated 7.24 terabytes—up for sale on the messaging platform Telegram.

 

The leaked information included names, addresses, phone numbers, tax details, and even medical records of policyholders. Reports suggested the breach involved a hacker who claimed that Star Health’s chief information security officer (CISO), Amarjeet Khanuja, sold the data for $150,000.

 

Meanwhile, Tata AIG has also faced a data leak incident.

 

Last month, the Insurance Regulatory and Development Authority of India (Irdai) directed two insurers to carry out audits of their IT systems following concerns over recent instances of policyholders' data leaks. Without naming the insurers, Irdai emphasised that it takes data breaches very seriously and asserted that it will continue to engage with companies to ensure policyholders' interests are fully protected.