Indian Insurance Portal Policybazaar Suffers Breach


Indian insurance company Policybazaar has warned that it suffered a data breach. The company’s owner, PB Fintech, warned in a letter on Sunday that it had discovered “illegal and unauthorized access” exploiting vulnerabilities in its systems on July 19.

“The identified vulnerabilities have been fixed and a thorough audit of the systems has been initiated,” the company said, explaining that its security team is working with external advisors to review the situation.

“While we are in the process of undertaking a detailed review, as on date, our review has found that no significant customer data was exposed,” it added.

Founded in 2008, Policybazaar uses an online marketplace to connect individuals with insurers offering policies in a range of areas from health to car insurance. The company subverts a traditionally agent-based model, and says that it has sold over 19 million policies since it began.

Policybazaar has plans to expand its operating model. It obtained an insurance brokers’ license from Indian regulator IRDAI in June 2021, enabling it to move into areas including claims assistance and offline services. It will also be able to claim commissions on policy sales rather than mere web aggregation fees.

Policybazaar’s owner PB Fintech debuted on the Indian stock exchange in November 2021, with its share price rising over 20% above the IPO price on the first day. Its stock price dropped from INR 522 on Friday to close 4.3% down at INR 499.70 on Monday.

The breach disclosure letter did not mention which data had been exposed or how many customers were affected.

“Increased data leaks are worrying, but with the amount of inevitable attacks, more needs to be done to deal with the aftermath appropriately,” said Jake Moore, global cyber security advisor at ESET in response to the news. “Too many companies attempt to bury bad news and play down the seriousness of the situation. Customers need to be respected, and should be made aware of the exact data stolen and when it was released as soon as possible.” 
