Hacker 'selling' 3.12 cr Star Health customers’ data for $150K, company responds


New Delhi, Oct 9 (IANS): After reports surfaced that customers' data of Star Health, one of the largest health insurers in the country, was available on Telegram, a hacker has now put the entire 7.24 TB data, allegedly belonging to its over 3.1 crore customers, for open sale on a website for $150,000.

The company on Wednesday said a thorough forensic investigation is underway into the "targeted malicious cyberattack".

The sale, which also offers "parts sale for 100,000 entries each for $10,000", contains alleged insurance claims data of 57,58,425 Star Health customers (till early August 2024), along with 31,216,953 customers (till July), claimed the hacker.

The hacker, who goes by the name “xenZen” and whose whereabouts are not known, wrote on the website that "I am leaking all Star Health India customers and insurance claims sensitive data."

"This leak is sponsored by Star Health and Allied Insurance Company, who sold this data to me directly. You can check the authenticity of the data in the Telegram bots below and read about how they sold it," the hacker claimed.

The leaked data allegedly contains full names, PAN numbers, mobile numbers, emails, date of birth, residential addresses, insured date of birth, insured names, gender, pre-existing diseases, policy numbers, health cards, nominee names, age, claims, nominee relationship, insured height, weight, BMI and more.

The hacker is selling the alleged data via two separate and active chatbots on the website. One can see the alleged data after pressing the start button on the bots.

In a statement to IANS, Star Health Insurance said they were the victim of a targeted malicious cyberattack, resulting in unauthorised and illegal access to certain data.

"We make it absolutely clear that our operations remain unaffected, and all services continue without disruption. A thorough and rigorous forensic investigation, led by independent cybersecurity experts is underway, and we are working closely with government and regulatory authorities at every stage of this investigation, including by duly reporting the incident to the insurance and cybersecurity regulatory authorities, apart from filing a criminal complaint," said the insurer.

The company further stated that "our CISO has been duly co-operating in the investigation and we have not arrived at any finding of wrongdoing by him till date. We request that his privacy be respected as we know that the threat actor is trying to create panic".

"We also want to emphasise that any unauthorised acquisition, possession, or dissemination of customer data is illegal," the company added.

After the data leak was first reported, insurer Star Health had filed a lawsuit against the social media platform Telegram and the hacker.

 

 

  

Top Stories

Comment on this article

  • Sense_shetty, Kudla

    Thu, Oct 10 2024

    It’s no surprise I received calls from Care Insurance just as my Star Health Insurance was about to expire—data protection in India is almost laughable. This is where countries like the USA truly stand out; their standards for corporate and institutional fairness and accountability are unmatched. Meanwhile, in India, even the SEBI chairperson has been linked to insider trading

    DisAgree Agree [1] Reply Report Abuse

  • Bobato Charlie, Mangalore

    Wed, Oct 09 2024

    Star Health Insurance has allowed customer data to be compromised and have the audacity to say: "We make it absolutely clear that our operations remain unaffected, and all services continue without disruption. A thorough and rigorous forensic investigation, led by independent cybersecurity experts is underway, and we are working closely with government and regulatory authorities at every stage of this investigation, including by duly reporting the incident to the insurance and cybersecurity regulatory authorities, apart from filing a criminal complaint," A Class Action suit needs to be filed against Star Health Insurance in the interest of its customers!

    DisAgree Agree [2] Reply Report Abuse


Leave a Comment

Title: Hacker 'selling' 3.12 cr Star Health customers’ data for $150K, company responds



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.