Data Breach: Cyber Peace Claims Of 1.6 Cr Customer HDFC Life Record Sold On Dark Web

In a shocking development of data breach, a staggering 1.6 cr customer records from HDFC Life Insurance are reportedly being sold on a Dark Web forum for 200,000 USDT (Tether cryptocurrency), according to the research wing of CyberPeace.

The alleged data leak includes highly sensitive information such as policy numbers, names, mobile numbers, dates of birth, email addresses, residential addresses, and health status, CyberPeace claimed. This revelation raises significant concerns over the potential misuse and exploitation of such data.

Details of the Data Breach

Late last month, HDFC Life Insurance acknowledged instances of data leaks and confirmed an ongoing investigation. In a regulatory filing, the insurance giant stated, “We have received communication from an unknown source, who has shared certain data fields of our customers with us, with mala fide intent.” HDFC Life added that they are assessing the potential impact of the breach in consultation with information security experts.

According to CyberPeace, the compromised data is being sold in smaller batches starting from 100,000 records, with the sellers offering private negotiations for personalized deals. Alarmingly, the cybersecurity organization revealed that substantial portions of the 16 million records have already been sold to unidentified buyers.

“The identity of the cyber threat actors responsible for this breach remains unknown,” CyberPeace said, emphasizing that affected customers face severe privacy violations, including risks of phishing scams, identity theft, and unauthorized access to financial products or services.

A Growing Concern

This latest breach follows a similar incident in October when reports surfaced that data from Star Health Insurance, involving over 3.1 crore customers, was being sold online. Hackers allegedly put 7.24 TB of customer data up for sale for $150,000 on a public forum.

In response, Star Health Insurance confirmed they were victims of a targeted cyberattack that resulted in unauthorized access to certain data. The company assured a thorough forensic investigation was underway.

Vigilance Urged

CyberPeace has advised individuals to stay vigilant, warning that exposed policy numbers and personal details could be exploited for malicious purposes.

HDFC Life, in its filing, reassured stakeholders that a detailed probe is being conducted to identify the root cause and implement necessary remedial measures.

As cyberattacks on financial institutions become increasingly sophisticated, the incidents highlight the pressing need for robust data protection and security measures to safeguard sensitive customer information.