The Delhi High Court has issued an injunction prohibiting any unauthorized use, disclosure, or publication of sensitive and confidential data belonging to Niva Bupa Health Insurance Company Limited by an unidentified data thief. The court's directives aim to safeguard the privacy rights of customers and prevent misuse of their personal data following a ransomware attack on the company.
Senior Advocate Mr. Pradeep K. Bakshi, along with the team from White & Brief Advocates & Solicitors, represented Niva Bupa. During the course of arguments, Mr. Bakshi informed the court that the company's robust security systems had been compromised in a targeted ransomware attack aimed at extortion. He further submitted that the data breached included personal details such as names, identity proofs, addresses, policy details, and mobile numbers—information collected as part of regulatory compliance.
The Plaintiff established a strong prima facie case for interim relief, arguing that the breach had the potential to cause significant damage to both the company and its customers.
While passing the injunction Order, Justice Manmeet Pritam Singh Arora emphasised the potential risks arising from unauthorized access to sensitive data, such as identity theft, financial fraud, privacy violations, and unauthorized transactions. Recognizing the severity of the breach, the court underlined the critical need to protect personal information and issued an order for the immediate removal of any leaked data by intermediaries and platforms within 24 hours of notification by the Plaintiff.
To mitigate the potential harm, the court issued a series of directives, including:
1. Restraining Order: The "John Doe" defendant is strictly prohibited from using, copying, publishing, or disclosing Niva Bupa's confidential information on any platform.
2. Action by ISPs and Platforms: Internet service providers and intermediaries have been directed to block and remove all unauthorized content, accounts, and domains associated with the misuse of the Plaintiff's trademarks and data.
3. Investigation Support: Defendants Nos. 1 to 6 have been instructed to provide all available information regarding Defendant No. 7, including digital footprints, to aid the ongoing investigation.
The team from White & Brief Advocates & Solicitors, comprised of Partner Mr. Mohit Bakshi and Associate Mr. Akshaja Singh.
This judgment reaffirms the importance of customer data privacy in the digital age and serves as a crucial step in combating unauthorized data breaches and ransomware attacks.