Axis Max Life probes potential data breach after hacker claims network intrusion

Indian insurance giant Axis Max Life said it is investigating a potential data security incident after a threat actor claimed to have breached its internal network and stolen confidential data.

 

Axis Max Life Insurance, formerly known as Max Life Insurance, is a joint venture between Max Financial Services Limited and Axis Bank Limited. It offers a range of life insurance products, including term insurance, savings plans, retirement solutions and more.

 

On July 2, in a filing with the Bombay Stock Exchange (BSE), Axis Max Life said that an unknown threat actor has contacted the company claiming to have infiltrated its internal network and stolen confidential data. 

 

The company said it has launched an investigation and has hired external cyber security experts to determine the nature and scope of the incident.

 

“As an immediate measure, Axis Max Life has initiated an information security assessment and data log analysis. As communicated to us, a detailed investigation is also underway in consultation with information security experts to assess the root cause of the incident and take remedial action, as necessary,” the insurance giant said.

 

At the time of publishing, no known hacker group claimed responsibility for the cyber attack on Axis Max Life. The insurance company also did not share details on the nature of the security incident, who was behind the attack, how much data was compromised, or whether it has received a ransom demand.

 

Targeting insurance companies has become a growing trend among cyber criminals. On November 25, Indian life insurance provider, HDFC Life, said that it “received communication from an unknown source, who has shared certain data fields of our customers with us, with mala fide intent.”

 

While the insurance provider did not share details on who was responsible for the data security incident or the number of affected individuals, an unnamed threat actor claimed responsibility for hacking into the company’s internal network and stole personal data of 16 million customers.