At the crossroads of fundamental right to privacy, the ever persistent hacks and the currently unenforceable DPDP Act, the Indian citizens are left in the lurch. Mumbai’s Generali Central Insurance Company has become the latest victim of the Medusa ransomware syndicate, putting millions of Indian policyholders at risk after hackers announced ransom demands online—$500,000 each for downloading or deleting stolen data, plus $10,000 for payment delays. It's not the first of its kind.
This cyberattack follows a global uptick in insurance sector breaches, with major incidents affecting insurers like CNA Financial and AXA in recent years, where sensitive client data ended up for sale on dark web forums. The spotlight on Medusa is warranted: this group is notorious for publicly shaming victims and extorting them by leaking confidential data if ransoms aren’t paid. Their campaigns are marked by aggressive tactics, including social media posts to ensure maximum pressure and attention.
A change in ransom strategy remains unexplained. The Generali case, strikingly, saw no direct ransom demand delivered to the victims; instead, ransom notes emerged on blogs and social feeds, indicating either the attacker’s confidence in indirect pressure or an intent to obscure direct criminal liability for extortion. For Indian investigators, such indirect approaches complicate the trail, but digital fingerprints left on social media and the dark web provide openings for cyber police and forensic teams to trace suspects.
Yet, the lack of legally mandated reporting, transparency, and experience hampers timely takedowns. Eight years after the Supreme Court declared privacy a fundamental right and two since the DPDP Act was passed, routine data leaks keep exposing everyday Indians to life-altering risks, while state response remains fragmented and slow. Insurance data—often the most personal—deserves ironclad security. Today, the only thing more vulnerable than our data is the hope of redress.
IN THE BATTLE FOR CITIZEN’s PRIVACY, LACK OF ENFORCEMENT TEETH MAKES A MOCKERY OF THE LAW.