CyberPeace’s research wing said on Wednesday that 1.6 crore (16 million) HDFC Life Insurance customer records are being traded on a Dark Web site for 200,000 USDT (Tether cryptocurrency).
CyberPeace stated that the exposed data included sensitive customer information such as policy numbers, names, mobile numbers, dates of birth, email addresses, residence addresses, health condition, and more.
Late last month, HDFC Life Insurance stated that there had been some instances of data leakage and that they were analysing the potential consequences of the incident.
“We have received communication from an unknown source, who has shared certain data fields of our customers with us, with mala fide intent,” HDFC Life stated in a regulatory filing, adding that it is continuing to investigate to assess the potential damage.
According to CyberPeace, the hacked data (16 million records) is being offered in smaller increments beginning with 100,000 records, “with offers for private negotiations for buyers interested in personalised deals”.
“The identities of the cyber threat actors responsible for this incident are unknown. CyberPeace’s analysis suggests that the hackers have already sold significant chunks of the material to interested parties. “16 million customer records have already been sold, raising serious concerns about misuse and exploitation,” stated the cyber-security firm.
It went on to say that “customers’ personal information is exposed, resulting in severe privacy violations.” This information could be used to conduct phishing scams and targeted attacks.”
According to CyberPeace, the disclosed policy numbers and personal information could lead to identity theft and unauthorised access to financial products or services, thus individuals should remain careful.
In its regulatory filing, HDFC Life stated that a thorough investigation was undertaken in conjunction with information security specialists to determine the core cause and take corrective action as needed.
In October, news appeared that Star Health customers’ data was accessible for sale, and hackers put the whole 7.24 TB data, supposedly belonging to over 3.1 crore people, up for open sale on a website for $150,000.
Star Health Insurance announced in a statement that they were the victim of a targeted malicious cyberattack, which resulted in unauthorised and illegal access to some data, and that a full forensic investigation into the “targeted malicious cyberattack” was underway.
Read More
Monthly SIP investments exceed Rs 24,000 crore for the first time in India