HDFC Life reports data breach, launches investigation

India’s leading life insurance provider, HDFC Life Insurance, revealed a customer data breach on Monday, intensifying concerns about cybersecurity vulnerabilities within India’s insurance industry. The company disclosed the incident in a regulatory filing, confirming it had received communication from an unidentified source claiming access to customer data.

“We have received communication from an unknown source, who has shared certain data fields of our customers with us, with mala fide intent,” the insurer stated.

The insurer has initiated an in-depth investigation with information security experts to trace the breach’s origin. Measures include an “information security assessment and data log analysis” to identify the root cause and mitigate risks.

HDFC Life emphasized its commitment to customer protection, stating, “We will take utmost care to handle concerns of our customers and take actions to safeguard their interest.” The company assured policyholders that steps would be taken to prevent future occurrences.

The breach comes amid heightened scrutiny of cybersecurity within the insurance sector. Last month, the Insurance Regulatory and Development Authority of India (IRDAI) instructed all insurers to conduct IT system audits.

IRDAI’s advisory followed major breaches, including a high-profile Star Health and Allied Insurance incident. On September 20, sensitive data, including medical details of thousands of customers, was leaked online. The breach was linked to a hacker known as xenZen, who alleged that Star Health’s Chief Information Security Officer (CISO) initially sold the data for $28,000 but later demanded $150,000. When negotiations collapsed, the hacker reportedly made the data public.