India's largest online insurer Policybazaar said Sunday that it had lost control of its IT systems.
PB Fintech, the parent company, confirmed that the breach occurred on July 19, and said that although no customer information was affected, the firm is cooperating with law enforcement to investigate the matter.
“Illegal and unauthorized access” but no'significant' data
Policybazaar claims that nearly 9,000,000 customers use their services via 50 insurers. PB Fintech reported this Sunday that Policybazaar's IT systems had been compromised by existing vulnerabilities in its network.
To determine the extent of the damage and to what exactly caused it, Policybazaar is currently conducting a thorough investigation. According to the firm, it reached out the authorities. It will continue publishing updates as the situation develops.
Policybazaar reached out to appropriate authorities in this matter and will take legal recourse. In a filing, the company stated that the identified weaknesses have been addressed and that a detailed audit has been conducted of the system. While we're still conducting a thorough review, it was determined that there were no customer records at risk.
Are AWS Vulnerabilities the Source of Breach
Policybazaar also revealed that Policybazaar had migrated all of its apps to the Amazon Web Services Cloud. Although this cannot be verified, PB Fintech suggests that the AWS configuration could have been misconfigured.
Our security team found an AWS S3 bucket configuration error in March that allowed the exposure of personal information for 500,000 Sephora customers. Sephora was able to close the breach within days after our findings. A recent Policybazaar survey revealed how important cyber insurance is.
A zero-day vulnerability could also be a possibility, which may have allowed data to be stolen and sold via the dark internet. Cleartrip, an Indian travel platform that offers bookings for India was the victim of a cyberattack similar to one seen a few days back.
Companies are being hit by cyberattacks and economic downturn
According to the firm, it's “India's largest and best online insurance marketplace” with more than 19 million policies sold over its 13-year history. Its goal is to end “rampant misselling and prevent policy lapses.”
PB Fintech's run has been great — it was valued at more than $7 billion in 2021 at one time — but the stock price of this firm has fallen to half its original value.
Policybazaar is not the only company that's suffering from economic difficulties. Companies that operate mostly online continue to be impacted by cyber threats. OpenSea, a popular NFT platform suffered an extensive data breach in June.
Switch, a fintech startup that just launched in April, leaked personal information of thousands of customers. The fact that such large amounts of information are held by insurance companies makes them a prime target for cybercrime.