Over 31 million clients of Star Health Insurance, one of the top health insurers in India, had their personal information compromised in one of the biggest cybersecurity disasters in the country’s history. Names, addresses, phone numbers, tax information, and even medical records are among the stolen data. According to reports, a hacker was involved in the breach and stated that Amarjeet Khanuja, the Chief Information Security Officer (CISO) of Star Health, sold the data for $15,000. Menlo Ventures venture capitalist Deedy Das sparked a storm on social media by publishing an alleged email exchange between Khanuja and the hacker.
Data breach and allegations
According to reports, the hacker responsible for the incident sold individuals access to policy details, claims data, and even medical diagnoses over Telegram chats. According to Das’ post on X (formerly Twitter), the hacker accused Khanuja of attempting to profit from the data sale. Screenshots of the email exchange shared by X user @leading_nowhere claim that Star Health employees even offered illegal API access to customer medical records, which were originally priced at $43,000, before senior management raised the demand to $150,000.
Star Health has made it clear that their Chief Information Security Officer (CISO) has been completely compliant with the current inquiry and that, as of yet, there is no proof of any misconduct against him.
A senior company official’s email address was made public through a video of an email exchange. The video also revealed conversations on the conditions of the agreement between the official and a hacker known only as xenZen, conducted via email and instant messaging services.
Claiming that US-based software company Cloudflare and messaging app Telegram were complicit in the data theft, Star Health Insurance had already sued both of them. A provisional injunction was just issued by the Madras High Court, directing Telegram to stop any chatbots that disseminate the compromised data. On October 25, the court is scheduled to hold a follow-up session as Star Health and law enforcement continue to work on the matter.
What Was Leaked?
Together with more private information like tax returns, ID card copies, test results, and medical diagnoses, the stolen material also contained personal information like names, phone numbers, and addresses. While acknowledging the incident, Star Health played down its seriousness, telling clients that there was “no widespread compromise” and that their data was safe.
Star Health is coming under increasing pressure over its data protection procedures as a result of this incident, which raises serious issues about client privacy.
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: CIO News LinkedIn Account | CIO News Facebook | CIO News Youtube | CIO News Twitter
About us:
CIO News is the premier platform dedicated to delivering the latest news, updates, and insights from the CIO industry. As a trusted source in the technology and IT sector, we provide a comprehensive resource for executives and professionals seeking to stay informed and ahead of the curve. With a focus on cutting-edge developments and trends, CIO News serves as your go-to destination for staying abreast of the rapidly evolving landscape of technology and IT. Founded in June 2020, CIO News has rapidly evolved with ambitious growth plans to expand globally, targeting markets in the Middle East & Africa, ASEAN, USA, and the UK.
CIO News is a proprietary of Mercadeo Multiventures Pvt Ltd.
