A fresh data breach scare has hit Niva Bupa Health Insurance, prompting urgent intervention from the Delhi High Court. An anonymous hacker, claiming access to sensitive customer and claims data, demanded ransom under the threat of public exposure.
The company’s leadership received a chilling email on February 20 from someone calling themselves “xenZen,” who not only boasted of prior cyberattacks on other insurers but also threatened to leak Niva Bupa’s stolen data on a website ominously named NivaBupaLeaks.com. The hacker followed up with multiple emails containing sample records, heightening concerns over identity theft, fraud, and reputational harm.
Acting swiftly, the Delhi High Court issued an interim order to contain the crisis. Justice Mini Pushkarna ruled in favor of the insurance provider, acknowledging the potential for irreparable loss if the leaked data were to spread. The court directed immediate takedown of the hacker’s domain names and email accounts while imposing restrictions on the distribution of the stolen data.
Key Orders from the Court:
✅ Website & Email Shutdown: Registrars and authorities must block and disable the hacker’s platforms within 24 hours.
✅ Data Protection Measures: The hacker and any associates are barred from using or publishing Niva Bupa’s confidential information.
✅ Trademark Safeguards: Unauthorized use of “Bupa” and “Niva Bupa” in misleading content is strictly prohibited.
✅ Identity Disclosure: Domain hosts and authorities must share all available details on the hacker, including IP addresses and contact information.
✅ Future Cyber Defenses: Internet providers must prevent the creation of similar domains using Niva Bupa’s branding.
This is the second major cyberattack on the company in recent months. In November 2024, a similar breach led to court intervention, including orders to block accounts linked to another anonymous hacker.
The case will be reviewed again on August 28, as authorities work to track down those responsible for this latest attack.
