The personal and insurance information of millions of Star Health Insurance customers is said to have been exposed and is purportedly being offered for sale.
An individual known as "xenZen" has claimed to have acquired 7.24 terabytes of sensitive data belonging to over 31 million customers and has listed it for sale on a website for $150,000. Smaller data sets of 100,000 entries each are also available for $10,000.
This security breach, affecting one of India's major health insurance providers, has raised significant concerns about data protection.
As per the hacker's post, the stolen data contains personal details such as names, PAN numbers, mobile numbers, email addresses, birthdates, residential addresses, policy numbers, pre-existing conditions, health card details, and other sensitive health information.
The hacker has even alleged that Star Health may have facilitated the leak by purportedly selling the data to them, although the company has strongly refuted these claims.
Star Health has acknowledged the cyberattack in a statement, characterising it as a "targeted malicious attack" and confirming that a thorough forensic investigation is in progress.
The insurer has enlisted the support of independent cybersecurity professionals to aid in the investigation and is working closely with government and regulatory entities, including insurance and cybersecurity authorities.
Furthermore, the company has filed a criminal complaint and a lawsuit against both the hacker and the messaging platform Telegram, where sections of the leaked data were allegedly initially shared.
“We wish to clarify that our operations are fully functional, and services to customers remain unaffected. A thorough investigation is being led by our cybersecurity team, and we continue to work in conjunction with authorities to ensure that customer data remains protected,” said Star Health in its statement.
The company stressed that any unauthorised manipulation or sharing of customer data is against the law, and urged respect for privacy as the inquiry progresses.
To confirm the breach, the hacker has set up two chatbots on the website, enabling users to access portions of the data by interacting with the bots.
However, the company cautioned the public that accessing this leaked information is illegal and could result in severe repercussions.
Follow us
