Imagine logging into your insurance account, only to find a stranger’s policy details displayed instead. To make matters worse, imagine the stranger being mistakenly listed as your spouse.
For at least two policyholders of ICICI Lombard, this wasn’t a bizarre hypothetical situation; it was a shocking reality, raising serious concerns about data security at one of India’s leading insurers.
Shocking mix-up
When Germany-based Arijit Patra logged into ICICI Lombard’s website to check his insurance policy details, he was in for a shock. Instead of his own policy, he found details of an unknown woman.
“It was a two-wheeler policy, and details of my actually subscribed policy with ICICI Lombard were not shown,” he said.
To make matters worse, the documents visible on his dashboard allegedly listed the woman as his wife.
“This misrepresentation caused significant distress in my family. It is a clear case of violation of data privacy,” he added.
Patra posted about the incident on social media and received a call from ICICI Lombard in the following 2-3 days. The insurance company rectified the issue, while maintaining that Patra’s data was intact and secured.
“Basis your complaint, we have verified the records and observed that issue faced by you was on account of profile creation basis mobile number. We assure you that we have taken all corrective measures to avoid any such unforeseen events in the future,” the alleged screenshot of ICICI Lombard’s response to Patra, shared with Mint, read.
Patra, however, felt it was a case of data security violation.
“I could see the lady’s policy details, her address, her masked email ID, and mobile number. What if someone could have seen my policy details? I asked them if they informed the lady about the data breach. They did not give a convincing reply,” he said.
Mint reached out to Lombard about Patra’s specific case to which the company said it was an isolated case.
“The overlap happened because the lady happened to mention Patra’s mobile number in her policy details. We have delinked his number from her policy account,” the company said.
Also read: Are you sharing too much? The risks of giving your ITR credentials to CAs
Not an isolated incident?
Karnataka-based Chethan S. allegedly faced a similar issue in August last year. He received a call from Lombard asking him to renew his policy.
“The customer executive mentioned policy details which did not belong to me. When I logged in to my account, the dashboard showed someone else’s policy details. Social media escalation helped me get it rectified,” he said.
The issue appears to stem from a single mobile number being linked to multiple policyholders—something ICICI Lombard only discovered after customers raised concerns.
It remains unclear whether these are isolated incidents or part of a larger problem. Notably, the company recently transitioned from an email ID-based login system to a mobile number-based one.
“At ICICI Lombard, we are committed to addressing customer concerns with urgency and transparency. Upon receiving the feedback, we have reviewed the concern thoroughly and identified that the issue stemmed from profile creation and nowhere related to data leakage issue as alleged,” said ICICI Lombard in response to Mint queries.
“Our customer service team has already provided clarity to the customer on the situation. We maintain the highest standards of regulatory compliance and corporate governance in all our operations, ensuring that our processes align with industry best practices,” the company added.
Queries sent to Irdai remained unanswered.
Also read: How NPS schemes have fared versus benchmark indices
