31 mn Star Health customers’ personal data leaked: What you need to know
Source: Business Standard
Personal data, including mobile numbers, PAN, addresses, and pre-existing medical conditions of around 31 million customers of Star Health Insurance, has reportedly been leaked online. The data is allegedly available on a website created by a hacker identified as xenZen, who claims that the company’s Chief Information Security Officer (CISO) sold the information to them directly but later changed the terms of their deal. The incident was brought to light on September 20 by UK-based researcher Jason Parker, who shared details of the data breach involving Star Health Insurance.
Hacker’s claims
The hacker, xenZen, accused Star Health Insurance of directly selling the sensitive data to them. “I am leaking all Star Health India customers and insurance claims sensitive data. This leak is sponsored by Star Health and Allied Insurance Company, who sold this data to me directly,” xenZen claimed in a statement on their website, news agency PTI reported.
According to the hacker, as reported by PTI, email communications between them and a senior company official support the claim that the data was sold to them. Screenshots of these emails have been shared publicly, revealing the discussions about the deal and its terms.
How the data leak deal unfolded
According to xenZen, the initial deal with Star Health’s CISO was for $28,000. However, the company official later raised the demand to USD 150,000, justifying the increase by stating that he needed to share the proceeds with senior management to continue leaking the data. The hacker claims that this led to the decision to make the data public.
Why Telegram is a preferred tool for data leaks
Telegram is a platform that enables individuals to share large volumes of data anonymously, making it a popular choice among hackers. It allows users to set up custom chatbots that can automatically respond to data requests. In this case, two Telegram bots are distributing Star Health’s data—one providing claim documents in PDF format, and the other offering detailed information from the customer database.
“Telegram has become a go-to platform for criminals because it provides an easy way to operate,” said NordVPN cybersecurity expert Adrianus Warmenhoven. “Its user-friendly interface has made it a natural choice for handling stolen data.”
Star Health Insurance’s response
Star Health Insurance has responded to these claims by stating that they have launched a comprehensive forensic investigation with the help of independent cybersecurity experts. The company says it is working closely with government and regulatory authorities to thoroughly investigate the incident.
“We also timely approached the Madras High Court which in the attached order has directed all, including certain third parties, to disable access to the relevant information. We are diligently pursuing the implementation of this order,” the company said in a statement.
Star Health emphasised that their CISO has been cooperating fully with the ongoing investigation, and so far, no evidence of wrongdoing has been found. They urged all digital platforms to take action against the illegal distribution of their customer data and comply with the court’s orders.
Legal action and court directives
The Madras High Court has acknowledged the severity of the breach and the need to prevent further leaks of sensitive data. The court referred the matter for further hearing on October 25 and issued orders to block access to the leaked information.
Meanwhile, the hacker has created Telegram bots that reportedly offer access to data of over 31.2 million customers, with details updated till July 2024, and insurance claims information available until early August. These bots allow users to request policy numbers, claim documents, and other sensitive data at the click of a button.
The wider trend of data breaches
Star Health’s data breach is part of a broader trend of using Telegram to sell stolen data. A survey by NordVPN at the end of 2022 revealed that India had the highest number of victims, accounting for 12% of the 5 million people whose data was sold through chatbots on the platform.
Consequences of the data breach
Data breaches like this one can have severe implications for individuals, increasing their risk of identity theft and online scams. Cybercriminals can exploit sensitive information to create fraudulent accounts or make unauthorised transactions, according to cybersecurity firm Meta Compliance. When personal details fall into the hands of hackers, individuals become vulnerable to a range of cybercrimes.
With PTI inputs
First Published: Oct 10 2024 | 12:57 PM IST