Insurance firm HDFC Life has filed a complaint with South Region Cyber Police alleging data theft and extortion attempts by cyber fraudsters. The company alleged that between November 19, and November 21 the email holder (bsdqwasdg@gmail.com) managed to steal confidential data of customers who had HDFC Life insurance policies. The data included policy numbers, names, addresses, mobile numbers, and other sensitive details regarding illness and disease. The complaint stated that the hacker had shared details of stolen data via email and demanded extortion failing to which they threatened to release the data on the web. The South Region Cyber Police station has registered the Case against an unknown person under Sections 308(3), 351(4) of BNS Act and Sections 43(b), 43(i), 43(a), 66 of IT Act in South cyber region police station.
The complaint was filed by Associate Vice President (Legal) of HDFC Life. The alleged Cyber fraudsters had on November 19 sent the email demanding extortion given two days. Furthermore, a second communication was received by an official of HDFC Life on WhatsApp where the Cyber fraudsters escalated the threats.
HDFC released their statement tothe Stock exchange regarding the issue. In their statement, they said “We wish to inform that we have received communication from an unknown source, who has shared certain data fields of our customers with us, with mala fide intent. We value the data privacy of our customers and as an immediate measure, we have initiated an information security assessment and data log analysis. A detailed investigation is underway in consultation with information security experts to assess the root cause and take remedial action, as necessary. We continue to investigate this further to assess potential impact and are making this disclosure as a matter of good governance. We will take utmost care to handle concerns of our customers and take actions to safeguard their interest.”
Tips to stay safe from data theft and cyber fraud:
1. Use strong, unique passwords
Always use complex passwords for online accounts, and never reuse passwords across platforms. Consider using a reliable password manager to securely store and generate passwords.
2. Be wary of phishing attempts
Avoid clicking on suspicious links or downloading attachments from unknown sources. Double-check the sender’s email address and watch for signs of fraud, such as spelling errors or urgent demands.
3. Enable Two-Factor Authentication (2FA)
Add an extra layer of security by enabling 2FA for your accounts. This makes it harder for hackers to gain access even if they steal your login credentials.
4. Regularly update software and systems
Keep your devices, software, and antivirus programs updated to protect against vulnerabilities that cybercriminals can exploit.
5. Limit sharing personal information online
Avoid sharing sensitive details like your phone number, address, or insurance policy information on social media or untrustworthy websites.
6. Monitor financial accounts and insurance policies
Regularly review your bank and insurance statements for any suspicious activity. Report discrepancies immediately to your service provider.
7. Be cautious with public Wi-Fi
Avoid accessing sensitive accounts or sharing personal data over public Wi-Fi networks. Use a virtual private network (VPN) for secure browsing.
8. Report cyber threats promptly
If you suspect a data breach or receive extortion threats, report it to the authorities or the cyber cell. Timely reporting can help mitigate further risks.
9. Verify communication from service providers
Ensure that emails, messages, or calls claiming to be from your service provider are genuine. Contact the company directly if in doubt.
10. Stay informed about security practices
Educate yourself about the latest cyber threats and best practices to recognise and avoid scams effectively.