Indian online insurer Policybazaar said on Sunday that an attacker made unauthorized access to its IT systems but the firm’s review found that “no significant” customer data was exposed — or in other words, some was.
Policybazaar, which sells a range of insurance coverage, said in a stock exchange filing that its IT systems were subject to “illegal and unauthorized access,” and it is engaging with authorities to take recourse.
The firm claims on its website that it serves over 9 million customers.
PB Fintech, the holding firm of Policybazaar, which went public last year and whose shares are trading at less than half of the debut price, said its review identified “certain vulnerabilities” in the IT systems and it has patched them.
It did not identify what all customer data had been exposed, name of the attacker(s), or how many times the vulnerabilities were exploited.
“The identified vulnerabilities have been fixed and a thorough audit of the systems has been initiated. The matter is currently being reviewed by the information security team along with external advisors,” the company said.