CyberPeace’s research team has reported that 16 million customer records of HDFC Life Insurance are allegedly being sold on a Dark Web forum for 200,000 USDT (Tether cryptocurrency).
The leaked data reportedly includes sensitive customer information such as policy numbers, names, mobile numbers, dates of birth, email addresses, residential addresses, and health details, according to CyberPeace.
Late last month, HDFC Life Insurance acknowledged instances of data leaks and stated they were assessing the potential impact. “We have received communication from an unknown source, who has shared certain data fields of our customers with us, with mala fide intent,” the company said in a regulatory filing. Investigations are ongoing with the help of information security experts to identify the root cause and take necessary action.
CyberPeace noted that the compromised data (16 million records) is being sold in smaller batches starting from 100,000 records, with private negotiation options available for interested buyers. The organization revealed that significant portions of the data have already been sold, raising alarms about potential misuse, including phishing scams and identity theft.
Customers are advised to remain vigilant as the leaked details could enable unauthorized access to financial products or services.
In a similar incident, data belonging to 31 million customers of Star Health Insurance was reported to be available on the Dark Web in October. Hackers allegedly put 7.24 TB of data for sale on a website for $150,000, prompting the company to launch a forensic investigation into the targeted cyberattack.
Both breaches underscore the critical need for strengthened cybersecurity measures in the insurance sector to protect sensitive customer data from malicious actors.
