Policybazaar says IT system hacked, no 'significant customer data' exposed

Online insurance broker Policybazaar said that IT systems of the company were hacked on July 19, after which it fixed the identified vulnerabilities and began a thorough audit of its IT systems.

The company identified certain vulnerabilities last week in a part of Policybazaar Insurance Broker's IT systems leading to illegal and unauthorised access to the network.

"In this regard, Policybazaar has reached out to the appropriate authorities and is taking due recourse as per law. The identified vulnerabilities have been fixed, and a thorough audit of the systems has been initiated," PB Fintech, the parent company of Policybazaar, says in a regulatory filing.

The matter is currently being reviewed by the information security team along with external advisors, the company says.

"While we are in the process of undertaking a detailed review, as on date, our review has found that no significant customer data was exposed," the insurance broker assures.

"Policybazaar has always prioritised the security and integrity of its systems and is committed towards protection of customer data. We will issue further updates on this in accordance with applicable laws," it adds.

Reacting to the news, shares of PB Fintech fell 3% to ₹501 in the intraday trade on the National Stock Exchange (NSE).

Online travel startup Cleartrip too suffered a data breach in its internal systems last week. "This is to inform you that there has been a security anomaly that entailed illegal and unauthorised access to a part of Cleartrip's internal systems," it wrote in an email to customers.

The Flipkart-owned company said that while some personal details were a part of the leak, no sensitive information was compromised.

"We are completely mindful that this would be of concern to you. We would like to assure you that aside from some details which are a part of your profile, no sensitive information pertaining to your Cleartrip account has been compromised as a result of this anomaly of our systems," the travel startup said.

"As per our protocols, we have immediately intimated the relevant cyber authorities and are taking appropriate legal action and recourse to ensure necessary steps are being taken as per the law," it added.

Earlier this month, capital markets regulator Securities and Exchange Board of India (SEBI) lodged a complaint against a cyber security incident that was noticed on the e-mail system of SEBI which was undergoing a system upgrade.

The regulator said various mitigation measures were immediately taken in response to the said cyber security incident including, informing Indian Computer Emergency Response Team (CERT-In), central government's nodal agency to deal with cyber threats, as per the standard operating procedure, strengthening the required security configuration of the system, etc.

"SEBI constantly monitors its detection and prevention systems and has taken additional measures post the incident to tighten the security procedures for the implementation and migration activities," it said.