MUMBAI: Irdai has asked all insurance companies to check their IT systems for vulnerabilities and take necessary precautions to protect policyholder data. The insurance regulator’s advisory comes in the wake of two general insurance companies reporting data leaks.
Star Health and Allied Insurance disclosed the data breach to stock exchanges, while market sources said that Tata AIG General Insurance was also impacted.The two companies have been instructed to appoint an independent auditor to comprehensively audit their IT systems to identify vulnerabilities. Both have also isolated the impacted IT systems and engaged an external IT security company to perform a root cause analysis, Irdai said.
“We are aware of recent claims made by a threat actor on holding a small portion of Tata AIG data. Our dedicated teams, in collaboration with independent cybersecurity experts, are conducting a comprehensive investigation and rigorous system checks to ascertain the same,” Tata AIG said in response to a query. The company said it has notified regulatory authorities and is cooperating for the due diligence.
Star Health has said that it is already carrying out an investigation by unknown ‘+3threat actors’ to customers data and has reported the incident to all regulatory authorities, including the Computer Emergency Response Team (CERT-IN).
“As part of the standard operating procedures of the concerned insurers, they reported the cyber incident to govt and Irdai… The containment, eradication and recoverability plan, as suggested by the audit firm, are being implemented by the insurers,” Irdai said.