Star Health Insurance Data Breach: A Deep Dive into the Scandal
India’s leading health insurer, Star Health Insurance, is currently facing a significant scandal involving an alleged massive data breach. Reports indicate that sensitive personal and insurance information belonging to millions of customers has been compromised, raising alarm bells about data security and privacy within the insurance sector. This incident underscores the urgent need for stringent Personal Data Protection Rules in India.
The Breach: A Shocking Revelation
The hacker, known as xenZen, has made alarming claims regarding the scale of the breach. According to their assertions, approximately 7.24TB of data related to over 31 million customers has been unlawfully accessed and is reportedly available for sale online. The hacker is allegedly seeking a hefty price of $150,000 for a large amount of customer data, while smaller subsets containing 100,000 customer records are being offered for $10,000 each. This incident has ignited widespread concerns over the protection of personal data and the security protocols implemented by companies in India.
Nature of Compromised Data
The data allegedly stolen in this breach includes highly sensitive information. Reports suggest that the compromised data encompasses names, Permanent Account Numbers (PAN), mobile numbers, email addresses, birthdates, residential addresses, and policy numbers. More troubling is the inclusion of details regarding pre-existing medical conditions, health card numbers, and other confidential medical records. The potential misuse of such information could lead to severe consequences for individuals whose data has been compromised, including identity theft and financial fraud.
Allegations Against Star Health’s CISO
Adding another layer of complexity to this scandal, the hacker has made shocking accusations against Amarjeet Khanuja, the Chief Information Security Officer (CISO) of Star Health. The hacker claims that Khanuja actively facilitated the data leak by allegedly selling sensitive customer information directly to them. Reports suggest that Khanuja sold the sensitive data of around 31 million Indian customers, including their salary details and PAN card information, for $43,000.
Chronology of Events
The timeline of the alleged data breach and the accusations against Khanuja is both intricate and alarming:
- July 6, 2024: Khanuja reportedly contacted the hacker xenZen through the encrypted chat application Tox, facilitated by a middleman known as denol.
- Initial Agreement: They allegedly reached an agreement for a payment of $28,000 in Monero, a type of cryptocurrency, in exchange for customer data.
- Data Access: Khanuja purportedly provided login credentials and API details via ProtonMail, allowing the hacker to access the data. After the payment was made, the hacker reportedly received the customer data.
- July 20, 2024: Khanuja allegedly offered additional data for an extra $15,000, repeating the earlier process for this transaction.
- Access Revocation: Five days later, the hacker’s access was revoked. In response, Khanuja purportedly demanded $150,000, claiming that senior management of Star Health wanted a share of the profits.
- Data Listing: When the hacker refused to meet Khanuja’s demands, they listed the stolen data for sale online. By September 25, a website named starhealthleak was reportedly launched, offering customer and claims data through Telegram bots.
Star Health’s Response
In light of these serious allegations, Star Health has vehemently rejected claims of any wrongdoing. The company has denied involvement in the data breach, labeling the incident as a “targeted malicious attack.” A spokesperson for Star Health assured the public that their operations remain fully functional and that customer services have not been affected by the breach.
In an official statement, Star Health emphasized, “We wish to clarify that our operations are fully functional, and services to customers remain unaffected. A thorough investigation is being led by our cybersecurity team, and we continue to work in conjunction with authorities to ensure that customer data remains protected.”
The company has confirmed that it has initiated an extensive forensic investigation into the matter, enlisting the help of independent cybersecurity specialists to analyze the breach and identify its sources. Star Health is also collaborating closely with government and regulatory agencies, including those responsible for insurance and cybersecurity, to tackle the situation effectively. Furthermore, the company has filed a criminal complaint and a lawsuit against the hacker and the messaging platform Telegram, where portions of the stolen data were reportedly first shared.
Conclusion
The Star Health Insurance data breach is a stark reminder of the vulnerabilities that exist in the digital age, particularly in sectors that handle sensitive personal information. As the investigation unfolds, it highlights the pressing need for robust data protection measures and regulations to safeguard consumer information. The implications of this breach extend beyond Star Health, serving as a wake-up call for the entire insurance industry in India to prioritize data security and privacy.