HDFC Life Insurance has filed a case with the Mumbai Police following a cyber fraud incident involving the theft of customer data and extortion threats. The company disclosed the breach in a regulatory filing and stated that it has begun an investigation with the help of cybersecurity experts.
On November 19, 2024, HDFC Life Insurance received several emails from an anonymous sender claiming to have stolen sensitive customer information. The hacker attached data on 99 customers, including names, policy numbers, addresses, and phone numbers. The email warned that if the company failed to engage in negotiations, the data would be sold or leaked. The hacker gave the company a two-day deadline to respond, threatening significant repercussions.
The extortionist continued to send messages throughout November 20 and 21, warning the company that failure to negotiate would result in a massive leak. One of the messages stated that the company would face “hundreds of billions of rupees” in losses, along with a damaged reputation and regulatory pressure. The hacker demanded money in exchange for preventing the data from being exposed.
After confirming the authenticity of the breach with the help of security experts, HDFC Life Insurance decided to involve the police and inform the relevant authorities. The company has assured its customers that it is taking all necessary steps to protect their information and mitigate the impact of the data theft.
A case has been registered under sections 308(3) (extortion) and 351(4) (criminal intimidation) of the Bharatiya Nyaya Sanhita, 2023, along with relevant provisions of the Information Technology Act, 2000. HDFC Life stated that it is committed to safeguarding customer interests and will take swift action to address the situation.
To delve deeper into this topic, please read the full article Hindustan Times.
