• A hacker, xenZen, claims to sell data from Star Health, one of India's largest health insurers, containing sensitive information of over 3.1 crore customers.
• The data breach was first noticed when Star Health customer data was found on Telegram, and now the entire data is for sale on a website.
• The hacker alleges that the leak was sponsored by Star Health and Allied Insurance Company, who supposedly sold the data directly to him.
• Star Health has reported the alleged unauthorized data access to local authorities and filed a lawsuit against Telegram and the hacker, but has not yet commented on the hacker's fresh claims via his website.

In a shocking revelation, a hacker, known by the pseudonym xenZen, has claimed to be selling a massive data trove allegedly belonging to Star Health, one of India's largest health insurers. The data, amounting to 7.24 terabytes, is said to contain sensitive information of over 3.1 crore customers of the insurance company. The hacker has put up the entire data for sale on a website for a staggering $150,000.

The data breach was first reported when customers' data of Star Health was found available on the messaging platform, Telegram. The hacker has now escalated the situation by offering the entire data for open sale on a website. The sale also includes a parts sale option, where 100,000 entries can be purchased for $10,000.

The data allegedly includes insurance claims data of 57,58,425 Star Health customers up until early August 2024, along with 31,216,953 customers up until July.

Hacker's Bold Claims and Star Health's Response

The hacker, whose whereabouts remain unknown, has made a bold claim on the website, stating, "I am leaking all Star Health India customers and insurance claims sensitive data. The hacker further claimed that the leak was sponsored by Star Health and Allied Insurance Company, who allegedly sold the data directly to him. The authenticity of the data can be checked via Telegram bots, according to the hacker.

The data is being sold via two separate and active chatbots on the website. The alleged data can be viewed after pressing the start button on the bots.

In response to the initial reports of the data breach, Star Health and Allied Insurance had reported an alleged unauthorized data access to local authorities. An initial assessment by the company showed no widespread compromise, and they assured that sensitive customer data remains secure.

Following the first reports of the data leak, Star Health filed a lawsuit against Telegram and the hacker. The insurance company characterized the cyber incident as illegal hacking and unauthorized access to sensitive information. However, Star Health has not yet commented on the hacker's fresh claims via his website.

Historical Similar Events and Further Developments

This incident is reminiscent of similar historical events where large corporations have fallen victim to data breaches. In such cases, the hackers often demand a ransom or sell the data to the highest bidder, leading to severe consequences for the affected individuals and the companies involved.

In a surprising twist, the hacker has claimed that the Chief Information Security Officer (CISO) of Star Health, Amarjeet Khurana, provided the data. This claim raises questions about the internal security measures of the company and the potential involvement of insiders in the data breach.

The incident has also brought the role of Cloudflare, a U.S. software firm, under scrutiny. The firm has denied any role in hosting the two websites run by the hacker offering for sale the stolen personal data and medical records of customers of Star Health.

The data leak incident has also led to a lawsuit against Telegram, the platform where the data was initially found. The platform has been under fire for its content moderation policies, and this incident has further intensified the scrutiny.

In conclusion, the Star Health data leak incident has raised serious concerns about data security and privacy. It underscores the need for stringent cybersecurity measures and robust data protection policies to safeguard sensitive customer data. As the investigation continues, it remains to be seen how the situation will unfold and what measures will be taken to prevent such incidents in the future.

Reset