HDFC Life Insurance on Monday reported a data breach, adding its name to a growing list of insurance companies that have faced cybersecurity threats recently. In a regulatory filing on 25 November 2024, the company disclosed that it received a communication from an unidentified source claiming that it possesses customer data held by the insurer.
However, HDFC Life in a statement assured that it is treating the matter with seriousness and working with information security experts to protect the customer’s data. “We have received communication from an unknown source, who has shared certain data fields of our customers with us, with mala fide intent,” the insurer said in its official release.
The insurer has further initiated an extensive “information security assessment and data log analysis” to trace the origin of this data breach. The Insurance Regulatory and Development Authority of India (Irdai) is also monitoring the situation, The regulatory body also issued a statement stressing the seriousness of such a breach. “We take data breaches very seriously and will ensure that the policyholders’ interest are fully protected,” Irdai stated.
HDFC Life’s data breach is not an isolated case. The Indian healthcare system has been increasingly facing targeted attacks by cybercriminals.
Last month, Star Health Insurance also faced a massive data breach wherein it was reports speculated that the personal data of 31 million customers was compromised. The hacker, reportedly named xenZen, claimed to have accessed 7.24TB of data, and then offered it for sale online for $150,000.
Apart from this, other insurers like Allied Insurance and Tata AIG General Insurance have also faced similar cybersecurity issues recently. This has prompted Irdai to mandate IT system audits across the insurance industry.
However, this is more alarming for customers who stand at the risk of their data being misused. Here’s what they should know:
A data breach is more than just a technical issue as it can have serious consequences for customers. Customers' data includes sensitive information that can jeopardise their identity. For instance, stolen data can lead to identity theft, financial fraud, or even more severe implications depending on the nature of the leaked information.
Cybercriminals use many tactics such as social engineering, malware, and phishing activities to access customer's personal data. Once they get a hold of it, this information can be easily misused for identity theft and financial fraud.
How Can You Protect Yourselves?
Companies that fail to protect personal data or notify authorities of a breach can face severe penalties, including fines and imprisonment under India’s IT Act. This is what you can do in case of a data breach:
- File a complaint with Irdai/cyber crime cell
- Seek compensation in case there is any financial loss
- Change passwords and put in a security alert
- If the matter is serious, consider freezing your account and contact banks/credit card companies that you usually use for insurance payments to block them
However, it is also important to note that India’s current grievance redressal framework primarily addresses insurance-specific matters which leaves customers with limited recourse.
Meanwhile, it is up to customers to proactively monitor their identities/accounts which are linked with financial services, and change passwords immediately if a breach involves personal data or information. Staying informed will help you counter the impact of data breaches on an individual level.
