Business News
Personal data of Star Health customers up for sale online; hacker alleges top official for breach
3 min read | Updated on October 10, 2024, 17:15 IST
SUMMARY
Clarifying the matter, Star Health Insurance in a statement said that a thorough and rigorous forensic investigation, led by independent cybersecurity experts is underway, and the company is working closely with government and regulatory authorities at every stage of this investigation.
Stock list
The hacker has created Telegram bots to access the data of the customers and claims of the company
Personal data like mobile numbers, PANs, addresses and pre-existing medical conditions of many customers of Star Health Insurance is allegedly available on a website created by a hacker identified as xenZen.
The hacker claimed that Star Health's Chief Information Security Officer (CISO) sold all the data and later tried to change the terms of their deal.
According to the details shared by the UK-based researcher Jason Parker on September 20, a hacker by the name of xenZen has published a website with sample data of Star Health Insurance Company and an email communication with a top official responsible for handling and managing the digital network of the company.
"I am leaking all Star Health India customers and insurance claims sensitive data. This leak is sponsored by Star Health and Allied Insurance Company, who sold this data to me directly," xenZen claimed.
Clarifying the matter, Star Health Insurance in a statement said that a thorough and rigorous forensic investigation, led by independent cybersecurity experts is underway, and the company is working closely with government and regulatory authorities at every stage of this investigation.
"We also timely approached the Madras High Court which in the attached order has directed all including certain third parties to disable access to the relevant information. We are diligently pursuing the implementation of this order," it said.
The company categorically mentioned that the CISO has been duly cooperating in the investigation and has not arrived at any finding of wrongdoing by him to date.
"We also want to emphasise that any unauthorised acquisition, possession, or dissemination of customer data is illegal. We urge all platforms, hosting companies, social media channels and users to take swift and decisive action to halt such activities and comply with the orders of the High Court," it said.
Meanwhile, the Madras High Court has observed that protection is vital to prevent the continuous leakage of such sensitive data and referred the matter for further hearing on October 25.
The hacker has created Telegram bots to access the data of the customers and many claims of the company.
The email conversation video showed the email ID of the senior company official. The conversation video shows an email chat as well as a chat on an instant messaging forum between xenZen and the company official for the deal.
The deal was initially finalised for $28,000 but later the official demanded $150,000 on the pretext that he has to pay a share to senior-level management for the continuation of the data leak, the hacker alleged.
Any leak of personal details of people makes them vulnerable to online scams.
About The Author
Next Story
