1.6 crore customer records of HDFC Life being sold on Dark Web: CyberPeace, ET CISO
The research wing of CyberPeace on Wednesday claimed that 1.6 crore (16 million) customer records of HDFC Life Insurance are allegedly being sold on a Dark Web forum for 200,000 USDT (Tether cryptocurrency).
The leaked data reportedly contains sensitive customer information, such as policy numbers, names, mobile numbers, dates of birth, email addresses, residential addresses, health status, and more, claimed CyberPeace.
Late last month, HDFC Life Insurance said there had been some instances of data leaks and that it was assessing the potential impact of the breach. “We have received communication from an unknown source, who has shared certain data fields of our customers with us, with mala fide intent,” HDFC Life said in a regulatory filing, adding that it continues to investigate this further to assess the potential impact.
According to CyberPeace, the data compromised (16 million records) is being sold in smaller quantities starting from 100,000 records, “with offers for private negotiations for buyers interested in personalised deals”.
“The identity of the cyber threat actors responsible for this breach remains unknown. CyberPeace’s investigation reveals that the hackers have already sold substantial portions of the data to interested parties. 16 million customer records have already been sold, raising significant concerns about misuse and exploitation,” said the cyber-security organisation.
It further stated that “customers face severe privacy violations with their personal details being exposed. This information could be used for phishing scams and targeted attacks”.
The leaked policy numbers and personal details could enable identity theft and unauthorised access to financial products or services, CyberPeace said, advising individuals to stay vigilant.
In its regulatory filing, HDFC Life had said a detailed investigation was underway in consultation with information security experts to assess the root cause and take remedial action, as necessary.
In October, reports surfaced that Star Health customer data was available for sale, with hackers putting the entire 7.24 TB of data, allegedly belonging to more than 3.1 crore of its customers, up for open sale on a website for $150,000.
In a statement, Star Health Insurance had said it was the victim of a “targeted malicious cyberattack” resulting in unauthorised and illegal access to certain data, adding that a thorough forensic investigation was underway.