HDFC Life Insurance has reported a cyberattack that led to the theft of confidential customer data. The company lodged a complaint with the South Region Cyber Police after cybercriminals allegedly accessed sensitive policyholder information and demanded extortion.
According to the complaint, the breach occurred between November 19 and November 21, 2024. The cybercriminals, operating through the email address (bsdqwasdg@gmail.com) and a WhatsApp account, managed to steal personal information about HDFC Life’s customers.
The stolen data includes policy numbers, names, addresses, mobile numbers, and sensitive health information related to illnesses and diseases. The attackers shared samples of the stolen data via email and threatened to release it online unless their demands for extortion were met.
ESCALATION OF THREATS
The complaint was filed by HDFC Life’s Associate Vice President (Legal), who revealed that the cybercriminals initially contacted the company via email on November 19, giving them a two-day ultimatum to comply with their demands. Subsequently, a second communication was sent via WhatsApp, where the fraudsters escalated their threats.
The South Region Cyber Police has registered a case under Sections 308(3) and 351(4) of the BNS Act and Sections 43(b), 43(i), 43(a), and 66 of the IT Act, initiating an investigation to identify the perpetrators.
COMPANY STATEMENT
HDFC Life Insurance issued a statement to the stock exchanges, acknowledging the cyberattack and assuring stakeholders that immediate steps were being taken to address the issue.
The statement read, “We wish to inform that we have received communication from an unknown source, who has shared certain data fields of our customers with us, with mala fide intent. We value the data privacy of our customers and as an immediate measure, we have initiated an information security assessment and data log analysis. A detailed investigation is underway in consultation with information security experts to assess the root cause and take remedial action, as necessary. We continue to investigate this further to assess potential impact and are making this disclosure as a matter of good governance. We will take utmost care to handle concerns of our customers and take actions to safeguard their interest.”