A massive breach of Star Health data affecting 31 million customers
Star Health Insurance, one of India's leading health insurers, is allegedly facing a massive data breach. Sensitive personal and insurance details of millions of customers have reportedly been compromised.
Star Health Insurance, one of India's leading health insurers, is allegedly facing a massive data breach. Sensitive personal and insurance details of millions of customers have reportedly been compromised. The stolen data is reportedly on sale online. A hacker who reportedly goes by xenZen claims to have accessed 7.24TB of data related to over 31 million customers, and has allegedly listed the data for sale for $150,000. Additionally, smaller data sets containing 100,000 customer records are offered for $10,000 each. This breach has sparked significant concerns over data protection and security in the country.
The hacker claims that the stolen data from Star Health includes highly sensitive information such as customers' names, PAN numbers, mobile numbers, email addresses, birthdates, residential addresses, policy numbers, details of pre-existing conditions, health card numbers, and other confidential medical records.
In a bold accusation, the hacker also alleged that Star Health Chief Information Security Officer (CISO) Amarjeet Khanuja "sponsored" the data leak by purportedly selling the information directly to them. According to reports, Khanuja sold the sensitive information of around 31 million Indian customers, including salary and PAN card details, to xenZen for $43,000.
Meanwhile, Star Health has strongly refuted these claims, denying any involvement in the breach or the sale of customer data. The company describes it as a "targeted malicious attack". “We wish to clarify that our operations are fully functional, and services to customers remain unaffected. A thorough investigation is being led by our cybersecurity team, and we continue to work in conjunction with authorities to ensure that customer data remains protected,” Star Health said in a statement.
Star Health has confirmed that it has launched an extensive forensic investigation, enlisting independent cybersecurity specialists to aid in the process. Star Health is also working closely with government and regulatory agencies, including insurance and cybersecurity authorities, to address the situation. The insurer has filed both a criminal complaint and a lawsuit against the hacker and the messaging platform Telegram, where portions of the stolen data were allegedly first shared.
What's Your Reaction?