Mumbai – The Bombay High Court has delivered a significant ruling in favor of Generali Central Life Insurance Company Limited following a cyberattack. The court has restrained the hacker group “Medusa” and all associated individuals from leaking or publicly disclosing the company’s confidential data.
A bench led by Justice Arif S. Doctor on 16 October granted ad-interim relief, directing the Union Government, the Department of Telecommunications (DoT), and other authorities to immediately block and disable all accounts, domains, and communication channels associated with the Generali data breach.
The court observed:
“The consequences of the applicant’s confidential data being made public or commercially exploited would be grave. Granting interim relief is in the interest of the applicant and entirely justified.”
Generali informed the court that its customer and corporate data had been hacked and that the perpetrators demanded a ransom of ₹4.17 crore (approx. $500,000). The hackers threatened on social media platform X (formerly Twitter) that unless the ransom was paid, the data would be made available to any willing buyer.
FCRF Launches CCLP Program to Train India’s Next Generation of Cyber Law Practitioners
Court-submitted screenshots revealed three ransom options offered by the hackers:
1. Extend time by 1 day – ₹8.35 lakh ($10,000)
2. Delete all data – ₹4.17 crore ($500,000)
3. Download all data – ₹4.17 crore ($500,000)
Since the identity of the hackers remains unknown, Generali impleaded them as John Doe. The company sought an injunction to restrain the hackers from publishing, distributing, or selling its confidential data through any medium.
The court barred the Medusa hacker group (Defendant 3) and all their associates from using, copying, transmitting, or disclosing Generali’s confidential information in any form.
Additionally, the court directed the DoT and related authorities to:
1. Immediately remove, block, or disable all accounts, domains, phone numbers, and email addresses linked to the stolen data.
2. Disable any new content or accounts misusing confidential information within 24 hours of notification by Generali.
3. File an affidavit of compliance confirming the steps taken.
Generali referenced the HDFC Life Insurance Co. Ltd. vs. Meta Platforms Inc. case, in which similar relief was granted to prevent misuse of corporate data following a cyberattack.
The company was represented by Senior Advocate Venkatesh Dhond, along with Advocates Vishal Kanade, Aruna Roy, Devashish Godbole, and Prasad Nagargoje. Advocate Ashish Mehta (instructed by Ethos Legal Alliance) represented the Union of India and the DoT.
