Sensitive data of these organisations has been compromised on the dark web, which can lead to larger damage if they don't consider strengthening their security infrastructure
On July 4, the Clop ransomware group released sensitive data of Kotak Mahindra Life Insurance on the dark web. The files contain details of their clients, unique registration numbers (URN), SAP login credentials, PhonePe records of customers, and data of financial partners and customers such as Capital Small Finance Bank, Hero FinCorp, Ummeed Housing Finance, and more, Rakesh Krishnan, a senior threat analyst at an IT company, told Forbes India.
There are about 13 different folders, and each contains over eight gigabytes of data. One of them has over 37 megabytes of data. The attackers have put out some parts of the records calling it Part 1. The complete dump is not out yet. The data breach at Kotak Life Insurance is a part of Clop's data theft and extortion campaign against MOVEit Transfer customers, which has apparently compromised hundreds of organisations. The attackers gained unauthorised access to its transfer databases. But it’s still unclear how many victims have paid ransom. The same ransomware group was responsible for stealing the sensitive data of Indiabulls Group in 2020.
Kotak Life Insurance is one of the fastest growing insurance companies in India and covers over 46 million lives nationwide. “There was a worldwide cyberattack on the MOVEit application exploiting a zero-day vulnerability. We, like many other established entities, also make use of the MOVEit Transfer product for the secure transfer of files for limited business purposes. This incident had a limited impact on our file transfer process. However, based on our review, we understand that our IT network has not been compromised and our operations and customer services have not been impacted by this incident,†a spokesperson of Kotak Mahindra Life Insurance Company Limited told Forbes India.
For a long time, the Banking, financial services and insurance (BFSI) sector has been the chosen target for hackers. But this year, many large public and private entities are on the radar of these attackers.
In April, another group of hackers posted a database sample on a Russian hacker forum that contained sensitive employee information of the IDFC First Bank. The threat actors posted that they intended to sell the full database and information for $500. They also provided a sample of 10 employees and their data to prove their claim. In July, the same data appeared on other forums for sale.