Online insurer Policybazaar says customer data was exposed by ‘unauthorized access’

Indian online insurer Policybazaar said on Sunday that it was subject to an unspecified security incident but found that “no significant” customer data was exposed — or in other words, some was.

Policybazaar, which sells a range of insurance coverage, said in a stock exchange filing that its IT systems were subject to “illegal and unauthorized access” and it is engaging with the authorities to take recourse.

The firm claims on its website that it serves over 9 million customers.

PB Fintech, the holding firm of Policybazaar, which went public last year and whose shares are trading at less than half of the debut price, said its review identified “certain vulnerabilities” in the IT systems and it has patched them.

It did not identify what all customer data had been exposed, whether there was a data breach by an attacker or how many times the vulnerabilities were exploited. It did not immediately respond to a request for comment.

“The identified vulnerabilities have been fixed and a thorough audit of the systems has been initiated. The matter is currently being reviewed by the information security team along with external advisors,” the company said in the filing, which you can read below.