Policybazaar notifies breach in IT systems, initiates audit

PB Fintech, the parent company of Policybazaar, said on July 24 that the insurance broking platform's IT systems were breached on July 19. The company added that issues identified in its IT systems have been fixed since then and an audit has been initiated.

"We wish to bring to your notice that on 19 July 2022, certain vulnerabilities were identified in a part of Policybazaar Insurance Brokers Private Limited ("Policybazaar'') IT systems and the same were subject to illegal and unauthorized access. In this regard, Policybazaar has reached out to the appropriate authorities and is taking due recourse as per law," PB Fintech said in a notification to exchanges.

The company said that the matter is currently being reviewed by its information security team along with external advisors.

"While we are in the process of undertaking a detailed review, as on date, our review has found that no significant customer data was exposed. Policybazaar has always prioritized the security and integrity of its systems and is committed towards protection of customer data," the notification further read.

The company said that will issue further updates on this in accordance with applicable laws.

The announcement by Policybazaar comes at a time when a number of platforms from payment gateways to broking have reported a spate of customer data breaches and frauds.

Fraudsters were recently arrested in Mumbai for allegedly using customer data to hack demat accounts of Zerodha customers and siphoning off funds, following a Zee Business report.

On July 18, flight booking platform Cleartrip informed its customers that its internal systems were breached by unnamed perpetrators. In an email, Cleartrip informed that apart from a person's profile, "no sensitive information pertaining to your Cleartrip account has been compromised as a result of this anomaly of our systems".

On May 20, payment gateway Razorpay lodged a complaint at South East Cyber Crime Cell saying that hackers and fraudulent customers have stolen Rs 7.38 crore by tampering and manipulating the authorisation process of Razorpay Software to authenticate 831 failed transactions.

According to data by cybersecurity company Akamai, India experienced a total of 193,510,152 cyber attacks on application programme interfaces (APIs), softwares that allow two applications to interface, between December 2021 and February 2022.

This makes India the 5th most attacked company in the world. Cyberattacks in India, Akamai found, were concentrated on financial, e-commerce and other digital media sectors. While financial services counted for 22.6 percent of the attacks, e-commerce was at 30.2 percent and other digital media such as social media etc at 32.6 percent.