Irdai orders insurance firms to audit IT systems after Star, Tata AIG breaches
Irdai) has directed all insurance companies to scrutinize their IT systems for vulnerabilities. This advisory follows reports of data breaches involving two major general insurance companies, Star Health and Allied Insurance, and Tata AIG General Insurance.
Star Health publicly acknowledged the data breach to the stock exchanges. Meanwhile, market sources have indicated that Tata AIG was also impacted. In response, Irdai has instructed both companies to engage independent auditors for a comprehensive audit of their IT systems. The companies have also isolated the affected systems and are collaborating with external cybersecurity experts to conduct a root cause analysis.
In a statement, Tata AIG confirmed its awareness of the potential data exposure. «We are aware of recent claims made by a threat actor on holding a small portion of Tata AIG data. Our dedicated teams, in collaboration with independent cybersecurity experts, are conducting a comprehensive investigation and rigorous system checks to ascertain the same,» the company said. Tata AIG has also informed regulatory authorities and is cooperating with ongoing due diligence.
Star Health, on the other hand, mentioned that it is investigating the incident involving potential unauthorized access to customer data by unidentified threat actors. It has reported the breach to all relevant regulatory bodies, including the Computer Emergency Response Team (CERT-IN).
Irdai noted that, in line with standard procedures, the impacted insurers have informed the
