HDFC Life customers' data shared by ‘unknown source’ with ‘mala fide intent’

HDFC Life Insurance on Monday said it received communication from an “unknown source”, who has shared certain data fields of the insurer’s customers with “mala fide intent”.

The life insurer has begun a probe into a possible data leak. “We wish to inform that we have received communication from an unknown source, who has shared certain data fields of our customers with us, with mala fide intent. We value the data privacy of our customers and as an immediate measure, we have initiated an information security assessment and data log analysis,” the insurer says in a regulatory filing.

“A detailed investigation is underway in consultation with information security experts to assess the root cause and take remedial action, as necessary. We continue to investigate this further to assess potential impact and are making this disclosure as a matter of good governance,” HDFC Life says.

“We will take utmost care to handle concerns of our customers and take actions to safeguard their interest,” the company says.

This comes over a month after India’s largest health insurer, Star Health Insurance confirmed a data breach after a hacker website alleged that the company’s chief information security officer, Amarjeet Khanuja, sold sensitive data to hackers and subsequently attempted to renegotiate the deal, demanding extra funds for backdoor access on behalf of senior management.

On September 20, Fortune India reported a potential data breach impacting 31 million Star Health Insurance customers. Sensitive information such as medical records, Aadhaar card details, and addresses was accessible via Telegram chatbots. The hacker claims to possess 7.24 terabytes of data, including full names, PAN and mobile numbers, email addresses, dates of birth, residential addresses, and medical conditions, posing significant risks for identity theft and financial fraud.