Kotak Mahindra Life Insurance impacted by MOVEit vulnerability data breach

Kotak Mahindra Life Insurance reports that their sensitive information was released in the dark web. The data was stolen through the exploit of the MOVEit vulnerability that has impacted hundreds of organizations worldwide.

While no information is available as to the number of affected individuals, there are significant details about the exposed data set.

The files, organized into 13 different folders, contained over eight gigabytes of data, with one folder alone containing more than 37 megabytes. The attackers released a portion of the records, labeling it as "Part 1," and it is anticipated that the complete data dump will be published in the near future.

The compromised files contained:

• details of clients,
• unique registration numbers (URN),
• SAP login credentials,
• PhonePe records of customers,
• data of financial partners and customers, including Capital Small Finance Bank, Hero FinCorp, and Ummeed Housing Finance.

Kotak Mahindra Life Insurance Company Limited stated that while there was a cyberattack on the MOVEit application, the incident had a limited impact on their file transfer process. They assured that their IT network remained uncompromised, and their operations and customer services were unaffected.