NEW DELHI: The negligence of leading companies and key players in the insurance sector in keeping the customers’ data secured is giving a boost to the multi-crore cyber fraud industry in India. Data of millions of insurance customers are on sale, which is being used as fuel by scammers.
UP’s Special Task Force on Thursday has unearthed one similar syndicate which has minted over Rs 50 Cr through insurance fraud. The investigation highlights how conmen were using data of leading private insurance companies to cheat their customers. The gang had set up a professional call centre to make fraudulent calls offering deals and incentives on their existing policies and used to cheat customers. The leaked data of insurance companies acted as the base through which these fraudsters planned their attack.
Despite thousands of people being cheated every day and such fraudulent practices thriving across the country, no action has been taken against the insurance companies which are bound to ensure the safety of their customers’ data.
UP STF has recovered data of Shriram Insurance, Bharti AXA, HDFC Life, Reliance Life, Future Generali, Exide Life, Bajaj Life, Aegon Life, Birla Life etc from the scammers. Earlier, the nine arrested gang members used to work in insurance broker companies. In the year 2018, they opened their fake call centre in Noida using fake documents. The gang confessed that they were buying data of policyholders in an unauthorized manner from agents of various insurance companies. This data was gold as they had access to all the details of their target – address, date of birth, age, policy details, past payments, bank details, relatives’ information, income details etc. It helped them appear genuine on the call.
The team of STF is now going to conduct a forensic audit of the data recovered from the gang. A senior officer told The420.in that the audit will throw light on where the data breach happened. The data of the companies has been collected through hacking or involvement of employees or via data dumps on the internet.
“We will conduct an information security audit of the insurance companies to scrutinize from where the data breach happened. Representatives of these insurance companies will be booked for the lapses,” said the officer.
The IRDAI prescribed the Cyber Security Guidelines in 2017. Giving out guidelines to all insurers, IRDA has said that in case of intermediaries and other regulated entries with whom the policyholder information is being shared, it would be the responsibility of insurers to ensure that adequate mechanism are put in place to ensure that the issue related to information and cyber security are addressed.
However, despite a sharp increase in cyber insurance cases no action has been taken against the insurance companies. The researchers of Future Crime Research Foundation (FCRF), a non-profit think tank that is involved in deep research in crime data, trends and analysis have raised questions on data protection and action against violators.
“Why is IRDA not tightening the noose around the violators? Harsh punishment or heavy fines should be imposed. An immediate forensic audit of all these insurance companies should be carried out to find out the sources of the data leak,” FCRF’s researchers said.
FCRF pointed out Finance Ministry / IRDA must set up an enquiry to find out security lapses.
“Insurers are just purchasing information security certificates for the sake of legal compliance. They are not taking data security seriously. Hardly any Vulnerability Assessment and Penetration Testing (VAPT) is done methodically,” senior officials in the insurance sector told The420.in.
Follow The420.in on