The Mumbai Police has launched an investigation into data theft from one of India’s leading life insurance companies after cyber fraudsters illegally gained access to sensitive information of its policyholders and demanded money by threatening to leak the data.
The Mumbai Cyber โโPolice arrested a 28-year-old interior designer from Haryana on December 14, while they continued to hunt for the mastermind, who is believed to be based in Cambodia.
According to police, on November 19 the insurance firm received an email from an unknown sender that read, โA large amount of your customer data has been leaked. I have given 2 days time. If I don’t get any conversation topics by tomorrow, I will sell the data. If you fail to contact the leader in time, you will have to suffer the consequences yourself.”
The email also included an attachment with details of 99 policyholders. Another message was received on November 20 when the company’s team began investigating the source of the email.
This time it was addressed to senior company executives and multiple email accounts and read, “Warning again! If you choose to negotiate, it could cost you hundreds of billions in customer data leaks, reputational, stock market, and regulatory pressure.” It should not be said that it will protect against the loss of the rupee.”
In response, the company officials decided to engage with the fraud by sharing the contact number. On November 21, the company received similar threatening messages via WhatsApp.
After this, the associate vice president of the company’s legal team filed a complaint.
A case of extortion and criminal intimidation was registered at South Cyber โโPolice Station, Mumbai Crime Branch.
When The Indian Express contacted the insurance company, a spokesperson refused to comment on the matter.
During the investigation, the company provided information to the police about one of its policyholders, whose data was leaked while the company’s IT team analyzed the leaked information.
The role of the arrested accused Divesh Kumar Dutt has been revealed. “Analysis by the IT team showed that Dutt visited the company’s website, logged into his account and purchased a policy worth `1,000 with the intention of falsifying the data of other policy holders,” an official said.
“His account was then used to illegally download confidential data, which we suspect was sold on the dark web, causing substantial financial loss to the company,” the official added.
During interrogation, Dutt confessed to the crime and revealed that a person named Robert in Cambodia had contacted him and instructed him to purchase the policy and to have access to the portal.
Why should you buy our membership?
You want to be the smartest in the room.
You want access to our award-winning journalism.
You don’t want to be confused and misinformed.
Choose your subscription package