New Delhi: The personal data of up to 10,000 customers of Aegon Life Insurance customers may have been exposed publicly due to a security vulnerability on the company’s website.
The data that was exposed included everything from basic demographic information – such as name, age, gender, mobile phone numbers – to more qualified details in some instances like annual income as well as specific health policy problems.
Aegon Life Insurance, India is a joint venture between the Netherlands-based Aegon NV and Bennett, Coleman and Co. Ltd (BCCL), the Indian publisher of The Times of India newspaper.
The vulnerability in question was simple: when clients of Aegon Life logged onto the company’s website to communicate their grievances to the insurer through various support channels, some of the data that was provided in the process wasn’t adequately secured.
Also read: Truecaller’s UPI Bug Shows Why Indians Need a Strong Data Protection Law
Indian web developer Renie Ravin, who also co-founded the independent blogging platform ‘IndiBlogger’, reported the vulnerability to the company in mid-July 2019, following which the leak was plugged.
It is unclear at this point if any customer information was taken or misused.
The support channels through which the data was leaked included the company contact form for general inquiries as well as existing customers. It also may have included various online tools that helped Aegon Life customers calculate their liability and premiums such as the ‘Education Plan Calculator’, the ‘Retirement Planner’ and the ‘Human Life Value Calculator’ – all of which asked for personally identifiable information.
The Wire has confirmed that the data that was leaked through Aegon Life’s website – an example of which is shown below – was authentic.
Support the originator by clicking the read the rest link below.
