CyberPeace, a cybersecurity organization, has reported that sensitive data from 1.6 crore (16 million) HDFC Life Insurance customers is being sold on a Dark Web forum for 200,000 USDT (Tether cryptocurrency).
The breach reportedly includes highly sensitive information such as policy numbers, names, contact details, dates of birth, email addresses, residential addresses, and health records.
HDFC Life disclosed last month that they were alerted to a potential data breach by an unidentified source who provided samples of customer data. In a regulatory filing, the company confirmed it was investigating the matter with the help of information security experts. The breach’s impact and root cause remain under evaluation.
CyberPeace stated that the stolen data is being offered in smaller bundles of 100,000 records, with options for personalized deals through private negotiations. Alarmingly, significant portions of the data have already been sold, increasing concerns about potential misuse.
The leaked data poses serious risks, including privacy violations, phishing scams, and identity theft. With sensitive policy numbers and personal details exposed, unauthorized access to financial products and services is a possibility. CyberPeace urged affected customers to remain vigilant and monitor their accounts for suspicious activity.
This incident follows reports in October of a massive data breach at Star Health Insurance, where hackers allegedly accessed and put up for sale 7.24 TB of customer data from over 3.1 crore individuals for $150,000. Star Health confirmed it had been the target of a malicious cyberattack and was conducting a forensic investigation to address the breach.