Data Breach at Health insurer Religare Health Insurance

Cybersecurity firm Cyble Research Unit has reported that Health insurance firm Religare Health Insurance has been hacked thereby compromising user data of over 5 million of its users and employees. 

According to Cyble researchers, the hacker had obtained initial access due to a misconfiguration issue. Cyble claimed that the threat actor is selling the personal information of over 5 million people on the Dark Web, and this includes Religare employees’ data as well. 

Cyble claims that the list of leaked data exposed includes: Customer’s name, address, mobile number, email id, date of birth (dob); customer’s ID, policy number, start date, end date, agent assigned; name of the policy, sum insured, renewal amount; and employee /agents full names, mobile numbers, dob, usernames, password hashes, individual authorisation keys, official email IDs, email signatures having office address and personal mobile numbers, last login and logout, internal IP address through which they connected to the portal.

The leak of such sensitive details put Religare customers at risk of phishing attacks.

Cyble has suggested that Religare should consider investigating its internal systems to ascertain the scope of the hack and perform remedial actions immediately.

Cyble has put out a list of guidelines that advised users refrain from sharing their share personal informsation, including financial information over the phone, email or SMSes. It also recommends use of strong passwords and enforce multi-factor authentication where possible and monitor financial transactions periodically. Cyble has also asked users to contact their bank immediately if they notice any suspicious transaction.

Cyble is a US-based global cybersecurity firm with tools and capabilities to provide near real-time cyber threat intelligence.