Indian insurance provider PolicyBazaar has reported that its IT systems were breached and were illegally accessed by unauthorised personnel as of July 19. The company has alerted relevant authorities and is currently investigating the breach.
In a regulatory filing to the National Stock Exchange of India, PB Fintech, PolicyBazaar’s parent company, reported that the discovered vulnerabilities have since been fixed, and it has initiated an audit of its systems in addition to taking “due recourse as per law”. They also stated that while it’s still in the process of doing a full review, at the moment, no “significant customer data” has been exposed, meaning at least some data was.
Considering the kind of sensitive information insurance providers and PolicyBazaar as an insurance aggregator works with, it could potentially mean bad news for the company’s claimed 9 million customers.
The company hasn’t disclosed precisely what data was exposed or what parts of its ‘IT’ systems were breached. There’s no word on the vulnerabilities discovered and subsequently fixed either.
PB Fintech, which went public last year and is currently trading at less than half the debut price, has brought in “external advisors” and the company’s own information security team to review the matter. Here’s what the entire filing read.
We wish to bring to your notice that on 19th July 2022, certain vulnerabilities were identified in a part of Policybazaar Insurance Brokers Private Limited (“Policybazaar’’) IT systems and the same were subject to illegal and unauthorized access. In this regard, Policybazaar has reached out to the
appropriate authorities and is taking due recourse as per law. The identified vulnerabilities have been fixed and a thorough audit of the systems has been initiated. The matter is currently being reviewed by the information security team along with external advisors. While we are in the process of undertaking a detailed review, as on date, our review has found that no significant customer data was exposed. Policybazaar has always prioritized the security and integrity of its systems and is committed towards
protection of customer data. We will issue further updates on this in accordance with applicable laws.
You are requested to kindly take the same in your records.Source: BSE India