Introduction

In August, Star Health and Allied Insurance Company faced a significant data breach, exposing sensitive customer information [2] [4] [5]. This incident involved unauthorized access to personal data through chatbots on Telegram and various websites, attributed to a targeted cyberattack by the hacker group xenZen.

Description

In August, Star Health and Allied Insurance Company experienced a significant data breach that exposed sensitive customer information, including medical records and biometric ID cards, through chatbots on Telegram and various websites [4] [5]. The company confirmed that it was a victim of a targeted malicious cyberattack, which resulted in unauthorized access to certain data [1]. The hacker group, known as xenZen, claimed to have obtained 7.24 terabytes of data from over 31 million customers, including Personally Identifiable Information (PII) such as names, phone numbers, addresses, tax details, and medical diagnoses [2] [3] [4]. They demanded a ransom of $68,000 to prevent further leaks, contributing to an 11% drop in Star Health’s stock since the initial report.

Star Health reported the unauthorized access to local authorities and initiated an independent forensic investigation into the incident. This investigation cleared Chief Information Security Officer Amarjeet Khanuja of any wrongdoing, finding no evidence of collusion or communication between him and the hacker, and concluding that the hacker’s claims were fabricated [1]. Despite the breach, Star Health maintained that there was no widespread compromise of their systems and that sensitive customer data remained secure [1] [3].

Legal action has been sought against Telegram and Cloudflare in an Indian court to remove the compromised content from online platforms [5]. During a court hearing, Telegram asserted that it cannot monitor all hosted accounts to detect leaked customer data, claiming that broad oversight would violate Indian legal standards [2]. However, the platform agreed to delete flagged data if provided with specific information [2]. The Madras High Court has directed Star Health to supply Telegram with details of the problematic chatbots for immediate blocking [2]. On October 25, the court ordered Telegram to remove the chatbots created by xenZen, which had provided samples of the allegedly obtained data and offered to sell the complete dataset for $150,000 [3]. The compromised websites and Telegram chatbots used by the hacker have since been taken down [4], and the investigation is ongoing, with the case set to resume in two weeks [2]. Following the incident, the risk management committee discussed additional measures to enhance the firm’s information security standards [1] [6].

Conclusion

The data breach at Star Health and Allied Insurance Company underscores the critical need for robust cybersecurity measures. The incident led to a significant drop in the company’s stock value and prompted legal actions to mitigate further risks. The ongoing investigation and court directives highlight the importance of collaboration between companies and legal entities to address cyber threats. Moving forward, Star Health’s commitment to enhancing information security standards will be crucial in preventing future breaches and maintaining customer trust.

References

[1] https://www.livemint.com/companies/news/star-health-insurance-clears-its-chief-security-officer-of-alleged-wrongdoing-in-data-leak-incident-11730123970932.html
[2] https://digitalmarketreports.com/news/28377/telegram-pushes-back-on-monitoring-chatbots-in-star-health-data-leak-case/
[3] https://www.medianama.com/2024/10/223-star-health-ciso-cleared-of-collusion-in-massive-data-breach-investigation/
[4] https://legal.economictimes.indiatimes.com/news/corporate-business/star-health-absolves-security-chief-in-data-leak-incident/114697474
[5] https://www.isss.org.uk/news/star-health-insurance-absolves-security-chief-in-data-leak-incident/
[6] https://www.thestar.com.my/news/nation/2024/10/28/stricter-steps-needed-to-curb-data-breaches