India's HDFC Life launches probe after customer data shared with "mala fide" intent (updated)

HDFC Life Insurance

25/11/2024 12:14

(Adds details in paragraphs 3,5 and background in paragraph
6-8)
       Nov 25 (Reuters) - India's HDFC Life Insurance Co
 HDFL.NS  said on Monday that an unknown source shared certain
customer data with the company with "mala fide intent".
    The company, in a statement, did not elaborate if it knew or
was told how the source had obtained the data. It also did not
specify what data was shared, nor the extent of the data.
    It did not respond to Reuters' request for additional
information.
    The insurer, however, said it has started an investigation
in consultation with information security experts. It is also
conducting an information security assessment and data log
analysis.
    "We continue to investigate this further to assess potential
impact," HDFC Life said in its statement.
    In October, India's insurance regulator directed insurers to
carry out audits of their IT systems following concerns over
customer data leaks at two firms.
    While the regulator did not name the firms, local media
reports said that the action followed breaches at Star Health
and Allied Insurance  STAU.NS  and TATA AIG General Insurance.
    In August, Star Health faced a data theft incident where
stolen customer data, including medical reports, were publicly
accessible via chatbots on messaging app Telegram and through
websites.

 (Reporting by Hritam Mukherjee and Nishit Navin in Bengaluru;
Editing by Savio D'Souza)
 ((Hritam.Mukherjee@thomsonreuters.com; X: @MukherjeeHritam;))