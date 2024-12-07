MUMBAI: Investigations by the cyber crime branch of the Mumbai police into the data leak at HDFC Life Insurance Company Ltd has revealed that the e-mails and messages threatening to leak their customer data, had been sent from Thailand. The police said they have identified the Internet Protocol (IP) address of the sender and will soon send a Letter Rogatory (LR), requesting assistance from Thai authorities. Threatening mails to HDFC Life Insurance sent from Thailand: Police

“When we wrote to various agencies to get details of the senders, we learnt that the data was downloaded in Thailand. The emails and messages, too, were sent from that country,” said a police officer. “We have narrowed down on the Internet Protocol (IP) address of the sender and will soon issue a Letter Rogatory (LR) seeking co-operation from Thai authorities to get more details about the accused.”

The case was registered on November 21, under sections 308(3) (extortion) and 351 (4) (criminal intimidation) of the Bharatiya Nyaya Sanhita, 2023, and relevant sections of the Information Technology Act, 2000, after HDFC Life Insurance Company Ltd lodged a complaint, claiming unknown cyber frauds had stolen their customer data and were demanding money by threatening to leak the same.

“On November19, the company received e-mails stating that the company’s customer data had been breached. The sender gave two days to contact him for negotiations, threatening to sell the data if the company failed to do so,” said a police officer. “Details of 99 customers were attached to the mails. The leaked data contained names, policy numbers, addresses, and mobile numbers of customers.”

The company received more mails and messages on November 20 and 21. One such message read: “If you choose to negotiate, it goes without saying that this will prevent you from suffering losses of hundreds of billions of rupees in terms of customer data leakage, reputation, stock market and regulatory pressure.”

After the company confirmed with the help of experts that the sender was a hacker and was trying to blackmail the company, it decided to approach the police and, also, inform the regulatory authorities.

In a disclosure to the stock exchanges, the company wrote: “We wish to inform that we have received communication from an unknown source, who has shared certain data fields of our customers with us, with malafide intent. We value the data privacy of our customers and, as an immediate measure, we have initiated an information security assessment and data log analysis. A detailed investigation is underway in consultation with information security experts to assess the root cause and take remedial action, as necessary.”