Cyber Crime
CEO Must Be Held Accountable: Star Health Insurance Hacked, 3.1 Crore Sensitive Customer Records for Sale on Telegram
A major hacking incident has targeted Star Health, one of India’s largest health insurance providers, compromising the personal details of over 31 million customers. The stolen data, which includes sensitive medical records, has been made accessible to the public through chatbots on the Telegram messaging app.
As reported by Reuters, the compromised data is available for free via Telegram chatbots. The founder of these chatbots was recently arrested for allegedly enabling criminal activities on the platform.
How Hackers are Distributing the Stolen Data on Telegram
The report identifies a user, “xenZen,” who created chatbots that allow users to access and download various documents, such as policy details, claims information, and medical diagnoses. Reuters verified the extent of the breach by downloading over 1,500 files, which contained personal information, including names, phone numbers, addresses, tax records, copies of ID cards, test results, and medical diagnoses of Star Health customers.
ALSO READ: Join The Movement: Registration Open for ‘Cyber Safe Uttar Pradesh’ Event by FCRF on October 17
Some of these documents were dated as recently as July 2024. UK-based security expert Jason Parker, who posed as a potential buyer on a hacker forum, found that a user under the alias “xenZen” claimed to have developed the chatbots and possessed a staggering 7.24 terabytes of data.
A message from the forum warned: “If this bot gets taken down, watch out, and another one will be made available in a few hours.”
Although Telegram initially removed the compromised chatbots after being alerted by Reuters, new bots offering Star Health’s data soon emerged. These new bots were labeled with warnings like “SCAM” after being flagged as suspicious by users.
Telegram spokesperson Remi Vaughn addressed the situation, stating, “Sharing private information on Telegram is strictly prohibited and is removed whenever detected. Moderators employ a mix of proactive monitoring, AI tools, and user reports to eliminate millions of pieces of harmful content daily.”
ALSO READ: Don’t Miss FCRF’s Round Table on CryptoCrime, Regulation, and Blockchain Forensics on September 23
Response from Star Health
Star Health has acknowledged the data breach and is cooperating with law enforcement to investigate the matter. The company noted that an initial assessment revealed “no widespread compromise” and assured that “sensitive customer data remains secure.”
In a statement, the insurer emphasized, “The unauthorized acquisition and sharing of customer data is illegal. We are actively working with law enforcement to address this criminal activity. Star Health assures its customers and partners that their privacy is of utmost importance to us.”
The company continues to prioritize securing customer information as it addresses the breach.