HDFC Life disclosed a data breach yesterday, becoming the latest in a series of cyber attacks on Indian insurance companies. Star and Tata AIG both suffered similar breaches in recent times. The company disclosed the breach in a regulatory filing on the 26th of November 2024 and said that it is working with information security experts to investigate the incident and safeguard the interests of its customers.
HDFC Life has said that it is still attempting to trace the root cause by means of an information security assessment and data log analysis, assuring its customers that it will take “all necessary measures” to ensure such incidents do not recur.
The Insurance Regulatory and Development Authority of India(IRDAI) is monitoring the situation closely to ensure that policyholders’ interests are fully protected.
HDFC Life released a statement saying, “We have received communication from an unknown source, who has shared certain data fields of our customers with us, with mala fide intent”.
No specifics as to the extent of the breach or the nature of the attack have come forward as yet. However, the fact that HDFC Life was approached directly by the anonymous source, who provided a sample of the stolen data, suggests that a ransom demand will likely be made if it has not already with the threat of publicly leaking the data if demands are not met.
UPDATE 28/11/2024: Recent reports have revealed that the stolen customer data included policy numbers, names, addresses, mobile numbers, and other sensitive details.
An email from the perpetrator was sent to an executive at HDFC Life from the address “bsdqwasdg@gmail.com” on November 19th and read: “A large amount of your customer data has been leaked. I have given you 2 days. If I don’t receive any negotiation topics by tomorrow, I will sell the data. If you fail to contact the leader in time, you will bear the consequences yourself.” and included an attachment containing details of 99 customer policies.
While the company investigated the matter, another email was received on the 21st of November escalating the threat, saying: “Warning again! If you choose to negotiate, it goes without saying that this will prevent you from suffering losses of hundreds of billions of rupees in terms of customer data leakage, reputation, stock market, and regulatory pressure.”
This time, an HDFC Life official emailed the sender requesting a phone discussion following which the official received a WhatsApp message saying: “How long will it take? You still don’t have anyone to discuss this matter with me. Don’t you know how serious the consequences of a data leak are?”
Following this, the cyber police station was approached and initiated the investigation.
This is still a developing situation and we will be updating this post as it progresses.
Meanwhile, here are some steps we recommend you take if your credentials are indeed leaked:
- Immediately change all the accounts with the Email/Password combo detected in the leak(S-Leak will soon be able to help with this step).
- Check your recovery email/phone number and ensure they haven’t been changed.
- Enable two-factor authentication on your accounts. This adds an extra layer of security to your accounts which is harder for attackers to bruteforce or steal.
- Be cautious of phishing scams. Data breaches often lead to an increase in phishing scams, where attackers send fake emails or texts claiming to be from a legitimate company in an attempt to trick you into giving away your personal information. Be wary of any emails or texts that ask you to click on a link or enter your login information.
Visit our homepage for more updates on data breaches like the HDFC Life Data Breach.