New Delhi: Star Health customers’ data is available on Telegram, a hacker claims. According to an IANS report, the hacker has put the entire 7.24TB data belonging to over 3.1 crore customers for open sale on a website for $150,000 (approx. Rs 57.5 lakh). The insurance company has confirmed the cyber attacks stating that a thorough forensic investigation is underway into the “targeted malicious cyberattack“. The hacker claims that the data is sponsored by Star Health and Allied Insurance Company, who sold this data to him.
Hackers selling Star Health customers’ data
The hacker claims to be offering “parts sale for 100,000 entries each for $10,000”, containing alleged insurance claims data of 57,58,425 Star Health customers (till early August 2024), along with 31,216,953 customers (till July).
The hacker, who goes by the name “xenZen” wrote on the website that “I am leaking all Star Health India customers and insurance claims sensitive data.”
“This leak is sponsored by Star Health and Allied Insurance Company, who sold this data to me directly. You can check the authenticity of the data in the Telegram bots below and read about how they sold it,” the hacker claimed.
What the hacked data contains
The leaked data allegedly contains full names, PAN numbers, mobile numbers, emails, date of birth, residential addresses, insured date of birth, insured names, gender, pre-existing diseases, policy numbers, health cards, nominee names, age, claims, nominee relationship, insured height, weight, BMI and more.
What the company said
In a statement to IANS, Star Health Insurance confirmed that the company has fallen victim to a targeted malicious cyberattack, resulting in unauthorised and illegal access to certain data.
Star Health Insurance said: “We make it absolutely clear that our operations remain unaffected, and all services continue without disruption. A thorough and rigorous forensic investigation, led by independent cybersecurity experts is underway, and we are working closely with government and regulatory authorities at every stage of this investigation, including by duly reporting the incident to the insurance and cybersecurity regulatory authorities, apart from filing a criminal complaint”.
The company further added” “our CISO has been duly co-operating in the investigation and we have not arrived at any finding of wrongdoing by him till date. We request that his privacy be respected as we know that the threat actor is trying to create panic”.
“We also want to emphasise that any unauthorised acquisition, possession, or dissemination of customer data is illegal.”
After the data leak was first reported, insurer Star Health had filed a lawsuit against the social media platform Telegram and the hacker.
