According to a firm called ‘Cyble’, insurer Religare has been affected by a data breach.
Cyble claims that the list of data exposed includes: Customer’s name, address, mobile number, email id, date of birth (dob); customer’s ID, policy number, start date, end date, agent assigned; name of the policy, sum insured, renewal amount; and employee /agents full names, mobile numbers, dob, usernames, password hashes, individual authorisation keys, official email IDs, email signatures having office address and personal mobile numbers, last login and logout, internal IP address through which they connected to the portal.
I checked on their site ‘amibreached.com’, but it looks a bit shady in that it requires users to pay for more information and I stopped at that.
I am a Religare customer, and have yet to receive any information from them that this has happened. I’m interested to see how they respond to this but don’t have high hopes. I’m sure a lot of confidential data is accessible using employee logins (most of them will probably use insecure passwords).
Are there any laws governing this in India?