- Two catastrophic data breaches hit Indian companies dealing with health insurance and crowdfunding.
- The data that has been stolen is extremely sensitive, and the actors are already selling it on the dark web.
- Users in India are rarely ever informed of incidents of this kind, as the state isn’t putting in the effort to enforce the relevant law.
Cyble’s dark web sweepers located two more fresh leaks, both belonging to Indian firms. The first is the health insurer “Religare,” who has lost over 5 million records as a result of a catastrophic hacker attack. The second is the crowdfunding platform known as “Impact Guru”, which lost the details of 507,000 users.
Both sets of stolen data are already available for purchase on the dark web, as this is where Cyble found them. It is unclear if the attacks involved the use of ransomware tools, or if the hackers simply broke into the networks of the companies.
Starting with “Impact Guru”, the non-government organization is a crowdfunding platform that supports startups and creative individuals in India, as well as in 15 other countries. It has raised over $21 million since 2015 when it was established, and it is considered India’s leader in the field.
The malicious actors who targeted “Impact Guru” have managed to steal 507,000 records that contain the following details:
- Email IDs in encrypted and also in plaintext form
- Banking details of 8,000 users (SWIFT, IFSC, account numbers)
- Chat history
- PAN card number
- Aadhaar card number
- Facebook ID, Twitter ID, LinkedIn ID, Apple ID (if available)
- Registration Date
- PayPal email
- IP Address Location
Continuing with the “Religare” breach, this one affects both five million customers and 6,000 employees of the health insurance firm. Religare operates over 146 offices across the country, so the consequences are far-reaching.
The details that have been exposed and which are for sale to anyone willing to buy the packs include the following:
- Mobile number
- Email IDs
- Date of birth
- Customer ID
- Policy number
- Start date and end date
- Agent assigned
- Name of the policy
- Sum insured and renewal amount
- Full names
- Mobile numbers
- Dates of birth
- Password hashes
- Individual authorization keys
- Official email IDs
- Email signatures having office address and personal mobile numbers
- Last login and last logout
- Internal IP address through which they connected to the portal
Cyble has informed both companies of the data leaks, but the affected individuals are unlikely to receive an official notice of a breach. Entities in India are obliged by law to disclose these incidents, but the authorities aren’t very strict about this, at least not until now.
The details that have been leaked are highly sensitive, so if you are included in the datasets, you should take many precautions against potential scams and threats.