If the court continues issuing such injunctions, the Department of Telecommunications may need an entire department and staff just to respond to these situations. Should the responsibility be on the DoT, or is there a better way?
Azdhan reports:
The Bombay High Court has granted urgent ad-interim relief to Generali Central Life Insurance Company after the insurer reportedly suffered a ransomware attack by an anonymous hacker group identifying itself as “Medusa.” The Mumbai-based insurance firm is a joint venture between the Central Bank of India and the Generali Group, which is a global insurance and asset management group operating in over 50 countries.
Venkatesh Dhond, arguing on behalf of the insurance company, said the applicant was the victim of a cyberattack that compromised sensitive and confidential data, as mentioned in their submission to the court. He also said the applicant does not yet know the hacker’s identity, except that the global anonymous group calls itself “Medusa”. As a result, authorities identified the alleged hacker group as John Doe, a legal term used to refer to unknown individuals.
After hearing the case, Justice Arif S. Doctor ordered a temporary injunction restraining the unknown perpetrators and their associates from using, publishing, or disclosing any confidential data stolen from the plaintiff until the court delivers a final verdict. As part of this, he directed the Union of India and the Department of Telecommunications, listed as Defendants, to immediately remove, block, and disable all accounts, content, domain names, phone numbers, and email addresses linked to the stolen data of the insurance firm.
The court ordered the authorities to block or remove any accounts or content linked to the data breach or using the complainant’s name, likeness, or trademarks within 24 hours of receiving notice from the complainant insurance firm. It also directed the authorities to file an affidavit of compliance, an official statement confirming full adherence to the court’s orders.
Read more at Medianama.
From the above, it sounds like anyone reporting on the breach might find their accounts or content blocked or removed by authorities. That is more extreme than injunctions we have seen in other cases, such as the Qantas or Legal Aid Agency injunctions.
The specific language of the interim injunction, which is in effect until November 12, 2025, reads, in part:
a. Pending hearing and final disposal of this Suit, this Hon’ble Court be pleased to:
i. pass an order of temporarily injunction restraining Defendant No.3 and their directors, proprietors, operators, partners, employees, agents, servants and affiliates and any persons claiming through them from using, copying, publishing, distributing, transmitting, communicating or disclosing to any person the Confidential Data stolen by Defendant No.3 from the Plaintiff and any other information relating to the Plaintiff that is not available in the public domain by any medium whatsoever or on any platform whatsoever;
iv. pass an order directing Defendant Nos. 1 and 2 to take all steps necessary to: (1) forthwith remove, delete, block and disable accounts, content, domain names, and phone numbers and email addresses in relation to the Confidential Data stolen by Defendant No.3 from the Plaintiff, and (2) within 24 hours of intimation by the Plaintiff remove, delete, block and disable accounts, content, domain names, and phone numbers and email addresses associated with such accounts that may use, copy, publish, distribute, transmit, communicate or otherwise disclose any Confidential Data stolen by Defendant No.3 from the Plaintiff and/or any Confidential Data relating to the Plaintiff, and file an affidavit of compliance in that regard before this Hon’ble Court;
v. pass an order directing Defendant Nos. 1 and 2 to take all necessary steps to remove, delete, block and disable accounts, content, domain names, and phone numbers and email addresses associated with such accounts, that use the Plaintiff’s name, likeness or marks within 24 hours of intimation by the Plaintiff and file an affidavit of compliance in that regard before this Hon’ble Court;
[Note: No subparts ii or iii appeared in the public document]
It is one thing to try to prohibit the publication of stolen data, but this injunction makes the Union of India and the Department of Telecommunications defendants in the order and requires THEM to do all the censorship/blocking/removal within 24 hours of being notified by Generali.
As with other injunctions this site has reported on previously, its authority is limited to its jurisdiction, or in this case, the defendants’ authority over domains, sites, and accounts. But Generali operates in many countries. Nothing in this injunction will prevent publication or distribution of data in those other countries.
The Medusa attack is reported in additional detail in the Medianama article. It appears to be a typical Medusa attack and extortion attempt. As of this publication, there are 3 days left on a countdown clock, and the leak site displays screenshots as proof of claims. There is also a directory and file tree already available. The latter, even without access to the files themselves, already reveals a lot in filenames and subject lines.
Will Injunctions Become Routine?
In securing the injunction, Generali’s attorneys pointed to a previous case as precedent. This may be the second injunction this court has ever issued, but will it become a trend or routine for entities to seek injunctions? Perhaps, but while it may be effective in their own area, it may just be another example of the Streisand Effect and result in more people wanting to look at the data, download it, publish it, or leak it elsewhere. This post is a case in point. DataBreaches would have had no awareness of, or interest in, reporting on the Generali incident but for spotting an article that a court had issued an injunction concerning it.