Technical News Office –Star Health, one of the nation’s largest health insurance companies, faces a significant threat to its customers. In fact, the data of over 31 million (3.1 crore) customers of the company was stolen. Today, the company itself admitted that the data was stolen. Star Health said it was the target of a malicious cyberattack, which led to hackers illegally accessing “certain data.” The incident was first reported last month, but at the time the company declined to comment pending an internal investigation. The company is said to have now filed a formal criminal complaint and informed insurance and cybersecurity regulators. It is worth noting that a report claims that hackers used the Telegram chatbot to leak company data.
Star Health confirms data breach
In a statement to TechCrunch, Star Health said it had indeed been targeted in a data breach incident. The company has now admitted the incident, almost two weeks after its first statement. The Chennai-based insurer also revealed that the hackers were able to access “some data”. However, it reportedly did not disclose details about the customer data breach. Star Health reportedly said a forensic investigation into the incident was underway, led by independent cybersecurity experts. The company would work closely with the government and regulatory authorities at every stage of the investigation. The publication quotes the company as saying that relevant cybersecurity and regulatory authorities have also been informed.
Data leaked via Telegram
Last month, Star Health suffered a massive data breach following a cyberattack. According to the report, personal data of over 31 million (around 3.1 crore) policyholders along with over 5.8 million insurance claims were stolen by hackers. Later, the data was leaked through the messaging platform Telegram. Hackers are said to have used autonomous chatbots on the platform to leak data. The stolen data included information such as names, emails, phone numbers, PAN numbers, addresses, dates of birth, tax details, copies of ID cards, police numbers, test results and medical diagnoses.
Days later, Star Health filed a lawsuit against Telegram for allegedly helping it leak the company’s sensitive data. The Madras High Court has ordered the instant messaging platform to block all chatbots and websites in India that make data available online. Additionally, Star Health has also filed a lawsuit against software giant Cloudflare for allegedly providing services to websites hosting the leaked data.
Size of stolen data 7.24 TB
The sensitive data of millions of customers is said to have been stolen in the Star Health data breach. The stolen data was sold online. According to a report, an alleged hacker known as xenZen claims to have accessed 7.24 TB of data of over 31 million customers, and the data was allegedly put on sale for $1,50,000. Additionally, smaller datasets containing 100,000 customer records were listed at $10,000 per set.
Hackers accuse company official of selling data
The hacker also alleged that Amarjit Khanuja, head of information security at Star Health, “sponsored” the data leak and sold the information directly to them. According to the report, Khanuja sold sensitive information of around 31 million Indian customers, including their salary and PAN card details, to Zenzen for $43,000.