Policybazaar system vulnerabilities exposed customers’ personal details: Report

PTI, Aug 10, 2022, 6:30 PM IST

New Delhi: Vulnerabilities in the system of online insurance broker Policybazaar led to exposure of personal details of lakhs of its customers, including defence personnel, a cyber security research firm claimed on Wednesday.

CyberX9 said Aadhaar and PAN card details as well as addresses and phone numbers of customers were exposed due to the vulnerabilities and that the issue was reported to Policybazaar on July 18.

On July 24, Policybazaar informed stock exchanges that it had noticed the vulnerabilities on July 19 and that no significant customer data was exposed.

When contacted on Wednesday, a Policybazaar spokesperson referred to its filing to the stock exchanges made on July 24 and said the identified vulnerabilities have been duly fixed as confirmed by an external advisor.

”A thorough forensic audit of the incident has been initiated with external advisors. The incident was covered by the media. We have nothing further to add,” the spokesperson said in a statement.

The online broker’s parent PB Fintech is listed on the stock exchanges.

In its report, CyberX9 claimed Policybazaar exposed all confidential and sensitive personal information, including that of Aadhaar, PAN card and Passport, of millions of the customers.

It also claimed that the vulnerabilities in Policybazaar’s system potentially exposed data of 56.4 million people who have transacted on the platform.

”The information exposed to the whole internet included but not limited to, customer’s full name, date of birth, complete residential address, email address, mobile number, policy details, including nominee details, copies of user’s bank account statements, income tax returns documents, Passport, Aadhaar card, PAN card, and so on,” it said.

In case of the defence personnel, information such as designation, location of their posting and activities they are engaged in were exposed, the report claimed.

After informing Policybazaar about the vulnerabilities on July 18, CyberX9 reported the incident to cyber security watchdog CERT-IN on July 24.

”CERT-In confirmed to us on July 25 that Policybazaar has now admitted and fixed the reported vulnerabilities and asked us to retest if the vulnerabilities were fixed,” the report said.

CyberX9 said it also submitted the report to National Cyber Security Coordinator Rajesh Pant who promised to initiate action against Policybazaar.

”Rajesh Pant promptly reverted back to us after going through the information we shared, they thanked us for the information and informed us that they shall initiate action against Policybazaar,” the report said.

An email query sent to Pant on the issue remained unanswered.

”At the end of our analysis, we came to the conclusion that there is high potential that Policybazaar could be having these vulnerabilities as intentional backdoor vulnerabilities in order to potentially allow access to the Chinese government to sensitive data of Indian nationals and particularly defense personnel,” CyberX9 alleged.

Udayavani is now on Telegram. Click here to join our channel and stay updated with the latest news.

Top News

ASI to seek world heritage status for Barabar and Nagarjuni caves in Bihar

14th century Kannada stone inscription found in Udupi

SC to hear on Oct 12 pleas challenging Centre’s 2016 decision to demonetise currency notes

Delhi HC grants bail to Chitra Ramkrishna, Anand Subramanian in NSE co-location case

‘PFI ban a message to ‘anti-national groups’ that they will not survive in India’

UP: 8 killed, 14 injured in head-on collision between bus, mini truck

“Historical decisive action”: Araga Jnanendra on centre’s ban on PFI, 5 others for terror links

Related Articles More

Sensex tumbles 609 points in early trade amid weak Asian markets

Blasts precede Baltic pipeline leaks, sabotage seen likely

Adani to invest USD 100 bn across new energy, data centres

Rupee falls 43 paise to all-time low of 81.52 against US dollar

Apple now manufacturing iPhone 14 in India


Sunil Kumar Statement about PFI

Dasara Celebration at Uchila Mahalakshmi Temple

Kollur Mookambika

President Draupadi murmu inaugurates Mysore Dasara-2022

Creative PU College Moodabidri

Latest Additions

Aesthetic surgeries to be done by registered medical practitioners only: NMC guidelines

ASI to seek world heritage status for Barabar and Nagarjuni caves in Bihar

Now-banned PFI was under radar of govt agencies for long

14th century Kannada stone inscription found in Udupi

SC to hear on Oct 12 pleas challenging Centre’s 2016 decision to demonetise currency notes

Thanks for visiting Udayavani

You seem to have an Ad Blocker on.
To continue reading, please turn it off or whitelist Udayavani.