
BREAKING: Another Indian Insurance Giant Allegedly Suffers Major Data Breach – 3 Million Records at Risk!
Summary:
CyberXTron Threat Intelligence Researchers have uncovered a significant data breach involving a top insurance firm in India [Bajaj Capital], allegedly attributed to a new threat actor named "GreyMan." Despite no prior history linked to this alias, the actor claims responsibility for the breach, which has surfaced on a dark web forum.
This marks the fourth such breach in India’s insurance industry since October 2024, highlighting an ongoing wave of cyberattacks targeting the Insurance sector.
In a related event, Ransomhub, a notorious ransomware group, claimed responsibility for a massive data breach at Star Health Insurance in October 2024. The breach resulted in the exfiltration of 200GB of sensitive data belonging to over 31 million customers, highlighting the growing threat to the health insurance sector.
The Insurance Regulatory and Development Authority of India (IRDAI) is continuously strengthening its regulatory framework by introducing stricter policies to mitigate the growing risk of cybercrime in the insurance sector.
Analysis and Findings: Unveiling Key Insights
On 2 April 2025, the CyberXTron XTron-Researchers team discovered the threat actor GreyMan selling the data of around 3M customers.

Exposed data:
- Multiple Databases (MSSQL, SQL, Oracle DMP)
- 2 Million Customer KYC Details (Aadhar, PAN, Cancelled Cheques, etc.)
- 1 Million Users' Car/Bike Insurance Policy Data (PDF)
- Source Code of All Projects
- Credentials (Third-party vendors, DBs, etc.)
- Internal Documents and More
Overview of the Data Breach
Based on the data samples analysed by CyberXTron’s XTron-Researchers, the leaked data includes the following:
Pet Insurance Owners Data:
- Customer names, policy numbers, and premium details.
- Coverage details (types of pets insured, policy limits, etc.).
- Insurance plan start and end dates.
- Contact information (phone numbers, addresses).
Email IDs of Bajaj Capital Employees:
- Employee email addresses.
- Potential access to corporate systems and sensitive information.
Potential Impact of Breach
- Identity theft and fraud for millions of individuals, impacting customer trust.
- Financial losses through unauthorized transactions, fraudulent claims, legal fines, and phishing attacks targeting individuals or employees.
- Intellectual property theft due to the exposure of source code.
- Supply chain attacks by using exposed third-party credentials, leading to broader breaches.
- Reputation damage for the affected organization, legal consequences, and loss of business.
- Social engineering attacks, exploiting trust to gain unauthorized access to systems or sensitive data.
- Credential stuffing, leveraging stolen login credentials to breach other accounts or systems.
What Happens Next?
The exact TTPs (Tactics, Techniques, and Procedures) behind this data breach are currently unknown. The XTron-Research Team is actively investigating and will provide updates as more information emerges. We will continuously monitor the dark web for any updates on the breach, and will keep tracking the situation closely.
Threat Actor Profiling:
The GreyMan threat actor, active since February 2024 and formerly known as BlueStone and GreyHat, has a history of adopting various aliases. GreyMan currently maintains a high-profile VIP account with a well-established reputation. The threat actor recently changed his alias once again before the publication of this data breach.

IRDAI Strengthens Cyber Defenses in the Insurance Sector
IRDAI’s latest guidelines stress the importance of cybersecurity in India’s insurance sector, requiring companies to report incidents quickly, monitor threats in real time, and be prepared for investigations. Insurance firms and intermediaries must take proactive steps to manage cyber risks, as failure to comply could result in penalties.
As cyber threats to the insurance sector increase, IRDAI is urging stronger cybersecurity measures to protect customers and keep businesses running smoothly in the digital age.
Conclusion:
This breach has compromised sensitive customer and business data, including KYC details, insurance policies, and internal credentials, posing serious risks to the organization. Customers face potential identity theft and fraud, while the exposure of source code and internal documents could impact the company’s competitive position. Additionally, the breach brings legal, financial, and reputational challenges.
A swift response is essential to minimize damage and meet regulatory requirements.
CyberXTron enables critical industries to proactively monitor external digital risks and exposures, helping to mitigate cyber threats at an early stage. Our Digital Risk Assessment uncovers existing vulnerabilities, bringing risks to the forefront and helping organizations prevent such data breaches and cyberattacks.
