Cyber Incident Victim: Religare Health Insurance

Date: Jul 2020

Location: India

Summary

A major data breach at Religare Health Insurance compromised approximately 5 million records, including sensitive customer and employee information. The exposed data encompassed policyholder details such as names, contact information, dates of birth, policy numbers, and financial specifics, alongside agents' and employees' personal credentials, authorization keys, password hashes, internal IP addresses, and login activity logs. Cybersecurity firm Cyble identified the breach and linked it to a known South Korean threat actor group responsible for previous high-profile attacks. The stolen data was offered for sale on the dark web, posing significant risks of phishing campaigns, identity theft, and financial fraud targeting affected individuals. The company acknowledged the incident and stated it was investigating while emphasizing ongoing technology investments to address security concerns.

Description

On July 9, 2020, cybersecurity firm Cyble reported a significant data breach at Religare Health Insurance, a Gurugram-based health insurer. The breach exposed approximately 5 million records containing sensitive customer, agent, and employee information. Compromised customer data included full names, phone numbers, email addresses, dates of birth, customer IDs, policy numbers, policy start/end dates, coverage amounts, and renewal details. Employee and agent records contained usernames, password hashes, individual authorization keys, official email signatures with office addresses, personal mobile numbers, last login/logout timestamps, and internal IP addresses used to access company systems. Cyble discovered the stolen dataset being offered for sale on dark web forums and attributed the breach to a known South Korean threat actor group that had previously targeted other major organizations including Zee5, e27, and multiple Indian companies.

Religare Health Insurance acknowledged the concerns and stated they had consistently invested in technology-driven processes since inception, though they did not confirm the breach's validity or scope. Cyble warned the leaked information created substantial phishing risks, particularly for identity theft and KYC-related frauds targeting Indian customers. The cybersecurity firm urged Religare to investigate internal systems to determine breach extent, implement immediate remediation, and notify affected parties. This incident followed a pattern of high-profile breaches identified by Cyble in 2020, including Unacademy, BEML, and IndiaBulls, though Religare's case involved particularly extensive exposure of both customer policy details and employee authentication credentials. The breach highlighted ongoing cybersecurity challenges facing Indian insurance providers amid increasing regional cybercrime activity.
