Star Health Insurance has reported that a hacker has demanded a ransom of $68,000 in connection with a significant breach of customer data, which includes sensitive personal information and medical records. According to a Reuters report, hackers have exploited the company’s data using chatbots on the messaging platform Telegram.
In response to the breach, Star Health has initiated legal proceedings against both the hacker and Telegram. Telegram has suggested that Star Health may be attempting to shift responsibility for the incident, questioning whether blaming intermediaries has become a common practice in data breach cases.
On September 27, 2024, Telegram announced that, upon discovering them, it had deleted the original bots that were distributing this sensitive data. The platform indicated that any new bots created to disseminate this information were likely removed as part of a broader effort to eradicate harmful content, which has reportedly led to the removal of around 90 percent of such content from its platform.
The breach reportedly involves personal data—such as mobile numbers, addresses, and pre-existing medical conditions—of over 31 million customers. Allegations surfaced on September 20, 2024, claiming that a senior official within Star Health sold this information.
UK-based researcher Jason Parker reported that a hacker known as xenZen created a website showcasing sample data from Star Health, which included email exchanges with a senior official responsible for managing the company’s digital network. The hacker’s website proclaimed, “I am leaking all Star Health India customers and insurance claims sensitive data. This leak is sponsored by Star Health and Allied Insurance Company, which sold this data to me directly. You can check the authenticity of the data in the Telegram bots below and read about how they sold it in the section below.”
The hacker developed Telegram bots to access data from 31,216,953 customers, updated through July 2024, as well as 5,758,425 claims available until early August. Furthermore, the hacker alleged that Star Health’s Chief Information Security Officer (CISO) had sold the data before attempting to alter the terms of their arrangement.
On October 3, 2024, Parker reported that the hacker was now hosting their data leak bots independently, complicating efforts to permanently remove the information.
In a statement, Star Health clarified that a comprehensive forensic investigation, led by independent cybersecurity experts, is currently underway. The company emphasized its cooperation with government and regulatory authorities throughout the investigation.
Star Health also mentioned that it has sought assistance from the Madras High Court, which has directed all parties, including specific third parties, to disable access to the pertinent information. The company reassured stakeholders that the CISO has been fully cooperating with the investigation and noted that no findings of wrongdoing have been made against him to date.