Hacked: Data Breach of 3.1 Crore Star Health Users, Bank Details at Risk?
Hacked: Data Breach of 3.1 Crore Star Health Users, Bank Details at Risk?
In a significant data breach, the personal information of approximately 3.1 crore users of Star Health and Allied Insurance has been leaked and put up for sale by hackers. The breach, confirmed by the company on October 9, exposed sensitive personal information, including phone numbers, addresses, tax details, ID cards, test results, and medical diagnosis reports. The stolen data has been made available for purchase on a hacker website for $150,000 (around ₹1.25 crore).
The hackers reportedly used Telegram chatbots to share samples of the stolen data but Telegram took down the chatbots after marking them as scams. However, the hackers then set up a website to continue selling the data. In a bold claim on the website, the hackers accused Star Health’s Chief Information Security Officer (CISO) of directly selling the data to them.
Star Health has denied any findings of wrongdoing by their CISO, Amarjeet Khanuja.
Star Health, headquartered in Chennai, provides health insurance to over 17 crore Indians and operates a vast network of hospitals and offices across the country. The company has assured that its operations remain unaffected by the breach and is conducting a forensic investigation with the help of independent cybersecurity experts. They are also working closely with government and regulatory bodies and have filed a criminal complaint.
The insurance provider has taken legal action against Telegram for hosting the chatbots used to sell the stolen data and accused US-based company Cloudflare of hosting the hackers’ websites. Cloudflare, however, denied hosting the domains in question.
Customers are advised to monitor their accounts for suspicious activity and ensure their personal information is secure as the investigation continues. Star Health remains committed to resolving the issue swiftly.
