Bombay High Court
Generali Central Insurance Company ... vs Union Of India Through The Department Of ... on 30 October, 2025
1.COMAS(L)-34484-2025.doc
Ajay Jadhav
Digitally
signed by
IN THE HIGH COURT OF JUDICATURE AT BOMBAY
JYOTI
JYOTI PRAKASH
PRAKASH
PAWAR
PAWAR
Date:
2025.10.30
ORDINARY ORIGINAL CIVIL JURISDICTION
17:31:07
+0530
INTERIM APPLICATION (L) NO. 34452 OF 2025
IN
COMMERCIAL IP SUIT (L) No. 34399 OF 2025
Generali Central Insurance Company Ltd. ... Applicant
IN THE MATTER BETWEEN
Generali Central Insurance Company Ltd. ... Plaintiff
V/s.
Union of India & Ors. ... Defendants
____________________________________
Mr. Venkatesh Dhond, Senior Counsel a/w Mr. Vishal Kanade, Mr. Devashish
Godbole, Mr. Arunav Guha Roy, Mr. Prasad Nagargoje, Ms. Priyansha Jain for
Plaintiff.
Mr. Y. R. Mishra, (through VC) for Defendant Nos. 1 & 2.
___________________________________
CORAM : FARHAN P. DUBASH, J.
DATE : 30TH OCTOBER 2025
(VACATION COURT)
ORDER :
1. At the outset, Mr. Dhond, learned senior counsel who appears on behalf of the Plaintiff tenders an affidavit of service. The same is taken on record. Mr. Mishra, learned counsel who appears on behalf of Defendant Nos. 1 and 2 submits that he has received the papers of the captioned matter only late last evening and accordingly, did not have sufficient time to go through the same and/or take appropriate instructions from his clients. Defendant No. 1 is the 1/7 ::: Uploaded on - 30/10/2025 ::: Downloaded on - 30/10/2025 21:17:35 :::
1.COMAS(L)-34484-2025.doc Ajay Jadhav Union of India through the Department of Telecommunications whereas, Defendant No. 2 is the Ministry of Electronics and Information Technology.
2. However, considering the seriousness and the urgency involved in this matter, the same is being taken up today for urgent ad-interim reliefs.
3. Briefly stated, the Plaintiff is constrained to file the captioned suit on account of a cybersecurity incident wherein, about 386.8 Gb of 'confidential data' of the Plaintiff and its other group company, Generali Central Life Insurance Company Limited (GCLI) was exfiltrated from its common server through a cyberattack stated to have been engineered by an unknown person/entity and accordingly, referred to in the captioned suit as "John Doe". The plaint further asserts that this confidential data has been put up for sale on the dark web and is susceptible to misuse resulting in harm and loss, not only to the Plaintiff but also to scores of its customers. Prior to the change of name and brand that happened in August 2025, the Plaintiff was previously operating in the country under the brand name "Future Generali" since about 2007. As a part of the insurance business processes and statutory/regulatory requirements, including the 'Know Your Customer' (KYC) obligations, the Plaintiff is required to collect, store and process, wide variety of data relating to its customers including commercial and personal data which not only includes their names and contact details but also other identification documents, PAN details, banking and other details, etc. All this information is collected by the Plaintiff and provided by its customers on a highly 2/7 ::: Uploaded on - 30/10/2025 ::: Downloaded on - 30/10/2025 21:17:35 :::
1.COMAS(L)-34484-2025.doc Ajay Jadhav confidential basis and is therefore, very sensitive and commercially valuable and is stated to have been kept confidential by the Plaintiff, who is stated to have put in place various technological safeguards and data protection measures which includes a multi-layered defense strategy aligned with ISO 27001:2022 standards.
4. Notwithstanding such measures, sometime on or about 23rd September 2025 at 1145 hrs, the Plaintiff was a victim of a cyber-attack which resulted in the data theft of its 'confidential data' from its servers. Knowledge of this data theft became known on 28th September 2025 when a tweet was posted on the social media platform X (formerly known as Twitter) by 'FalconFeeds.io', a threat reporting account which reported that Generali Central Insurance had fallen victim to a Medusa ransomware. This Tweet also contained a screenshot of 'Medusa Blog' that had reportedly carried out the data exfiltration incident.
5. Whilst referring to the averments contained in paragraph 5.9 of the plaint, Mr. Dhond explains that the Medusa Blog is a public leak site on the dark web that is operated by the Medusa ransomware group. He submits that Medusa is a notable ransomware-as-a-service (RaaS) variant, operated by Defendant No. 3 and which was first identified in June 2021. He further submits that it has since targeted numerous victims from a variety of critical infrastructure sectors.
3/7 ::: Uploaded on - 30/10/2025 ::: Downloaded on - 30/10/2025 21:17:35 :::
1.COMAS(L)-34484-2025.doc Ajay Jadhav
6. Upon further inquiry by the Plaintiff (and GCLI), the Tweet was found to be true and a post was thereafter put up on the Medusa Blog, setting out details of the data leak together with a countdown clock (Blog Post), having three buttons: (a) adding a day's time to the clock - for $10,000; (b) deleting all data - for $500,000; and (c) downloading the entire data - $500,000, respectively.
7. Thereafter, the Plaintiff has also registered a First Information Report (FIR) in respect of this data theft on 18 th October 2025 with the Cyber Police Station, East Division, at Mumbai bearing No. 0238 of 2025 and also notified the incident to the IRDAI and the Indian Computer Emergency Response Team (CERT-In).
8. Mr. Dhond further points out that a suit, seeking similar reliefs as those sought in the captioned suit, has already been filed by GCLI in this Court being COMIP (L) No. 33505 of 2025. Interim Application (L) No. 33156 of 2025 was taken out in the said suit wherein this Court was pleased to pass an order dated 16th October 2025 granting urgent ad-interim reliefs to the said GCLI. Mr. Dhond submits that a similar order also ought to be passed in the captioned suit.
9. Mr. Dhond contends that though the countdown clock has run out, sometime on or about 22nd October 2025, till date, to the Plaintiff's knowledge, the 'confidential data' has not been leaked by Defendant No. 3. However, he 4/7 ::: Uploaded on - 30/10/2025 ::: Downloaded on - 30/10/2025 21:17:35 :::
1.COMAS(L)-34484-2025.doc Ajay Jadhav apprehends that in future, there is all possibility that such data will be leaked without any further notice and accordingly, presses for the urgent ad-interim reliefs sought in the Interim Application. He prays that in such scenario and within 24 hours of being intimated by the Plaintiff, Defendant Nos. 1 & 2 be directed to issue necessary instructions to internet service providers, intermediaries and other relevant authorities to remove, delete, block and disable accounts, content, domain names and phone numbers and e-mail addresses associated with such unlawful content. He submits that given various past instances of such ransomware attacks, there is every likelyhood that Defendant No. 3 may disseminate or sell the confidential data which will cause grave and irreparable loss harm and injury not only to the Plaintiff but also to its customers.
10. Mr. Mishra assures this Court that Defendant Nos. 1 and 2 will extend their fullest co-operation to the Plaintiff.
11. Having heard Mr. Dhond and after considering the material placed before me, I am of the view that a strong prima facie case has been made out by the Plaintiff for grant of urgent ad-interim reliefs. The balance of convenience clearly lies in its favour inasmuch as, if the confidential data is made public or leaked or traded, it would result in catastrophic consequences. This, in turn, would inevitably result in irretrievable harm, loss and injury to the Plaintiff. In the circumstances, the following order is passed: 5/7 ::: Uploaded on - 30/10/2025 ::: Downloaded on - 30/10/2025 21:17:35 :::
1.COMAS(L)-34484-2025.doc Ajay Jadhav ORDER
(a) The Plaintiff is hereby granted ad-interim reliefs in terms of prayer clauses a(i), a(iv), a(v) and a(vi) of the Interim Application which are reproduced hereunder :-
"a-i. pass an order of temporarily injunction restraining Defendant No. 3 and their directors, proprietors, operators, partners, employees, agents, servants and affiliates and any persons claiming through them from using, copying, publishing, distributing, transmitting, communicating or disclosing to any person the Confidential Data stolen by Defendant No. 3 from the Plaintiff and any other information relating to the Plaintiff that is not available in the public domain by any medium whatsoever or on any platform whatsoever;
a-iv. pass an order directing Defendant Nos. 1 and 2 to take all steps necessary to : (1) forthwith remove, delete, block and disable accounts, content, domain names and phone numbers and email addresses in relation to the Confidential Data stolen by Defendant No. 3 from the Plaintiff, and (2) within 24 hours of intimation by the Plaintiff remove, delete, block and disable accounts, content, domain names and phone numbers and email address associated with such accounts that may use, copy, publish, distribute, transmit, communicate or otherwise disclose any Confidential Data stolen by Defendant No. 3 from the Plaintiff and/or any Confidential Data relating to the Plaintiff, and file an affidavit of compliance in that regard before this Hon'ble Court;
a-v. pass an order directing Defendant Nos. 1 and 2 to take all necessary steps to remove, delete, block and disable accounts, content, domain names and phone numbers and email addresses associated with such accounts, that use the Plaintiff's name, likeness or marks within 24 hours of intimation by the Plaintiff and file an affidavit of compliance in that regard before this Hon'ble Court;
6/7 ::: Uploaded on - 30/10/2025 ::: Downloaded on - 30/10/2025 21:17:35 :::
1.COMAS(L)-34484-2025.doc Ajay Jadhav a-vi. pass an order directing Defendant Nos. 1 and 2 to issue necessary instructions to internet service providers, intermediaries and other relevant authorities to remove, delete, block and disable accounts, content, domain names and phone numbers and email address associated with such accounts, referred to in prayers a(iv) and a(v) above."
(b) Defendant Nos. 1 and 2 shall file their affidavit-in-reply to the Interim Application, on or before 24th November 2025.
(c) The Interim Application shall now be placed on board for further consideration on 26th November 2025.
( FARHAN P. DUBASH, J. ) 7/7 ::: Uploaded on - 30/10/2025 ::: Downloaded on - 30/10/2025 21:17:35 :::