In a shocking revelation, a major data breach has come to light, exposing the personal details of approximately 3.1 crore customers of Star Health Insurance. The leaked information includes mobile numbers, PAN information, addresses, and sensitive health data. Allegations suggest that the hack is tied to a hacker known as xenZen, who claims the data is accessible via a specially created website.
The situation escalated when UK-based cybersecurity researcher Jason Parker brought the incident to public attention. He revealed that xenZen had published sample data from Star Health Insurance and provided evidence of corresponding email exchanges with a top official involved in the company's digital security. "I am leaking all Star Health India customers and insurance claims sensitive data. This leak is sponsored by Star Health and Allied Insurance Company, who sold this data to me directly," xenZen declared.
In a determined response, Star Health announced that an extensive forensic investigation is underway, led by independent cybersecurity experts. "We are conducting a thorough investigation in close cooperation with government and regulatory authorities," said a representative from Star Health in a company statement.
"We are conducting a thorough investigation in close cooperation with government and regulatory authorities,"
Simultaneously, Star Health has approached the Madras High Court, seeking legal intervention. The court has responded by ordering all parties involved, alongside certain third parties, to disable access to the leaked information. "We are diligently pursuing the implementation of this order," the company affirmed.
"We are diligently pursuing the implementation of this order,"
Star Health’s spokesperson further noted that their Chief Information Security Officer is cooperating with the ongoing investigation, emphasizing that no conclusion of wrongdoing has been reached against him so far.
Impact and Legacy
The company condemned the unauthorized acquisition and distribution of customer data, labeling such actions as illegal. They appealed to platforms and users to promptly act to cease these activities, aligning with the court's directives.
The Madras High Court acknowledged the critical need for safeguarding sensitive information and has scheduled further hearings on the crisis for October 25.
Career Journey
Career Journey
Career Journey
According to xenZen, he has set up Telegram bots that provide access to data on 31,216,953 customers and 5,758,425 claims filed with Star Health up until early August. The hacker also shared video evidence of an email thread with a senior official at Star Health, revealing a transaction that allegedly started with an offer of $28,000 for the data, but later escalated to a demand for $150,000. The official reportedly claimed that the increased sum would be necessary to compensate senior management for allowing the data leak.
The breach raises significant concern regarding the vulnerability of personal information, as exposed details can lead to increased risks of online scams and fraud. This incident underscores the urgent necessity for improved cybersecurity practices and ethical management of customer data, particularly within the insurance sector.