This week, Star Health Insurance, one of India’s most well-known health insurers, experienced a significant data leak that may have jeopardized the information of 31 million clients. Everything that has transpired in the case thus far is listed here.
Star Health Insurance, one of the most well-known health insurers in India, experienced a significant data breach this week. The business admitted to the hack and stated that they were looking into it. 31 million consumers’ personal information may have been compromised as a result of the purported data leak, according to reports. It appears that the compromised data is also on sale online. To make matters worse, the case gets much more complicated. There are allegations that the company’s chief information security officer (CISO) may have contributed to the data breach. The business disputes these allegations categorically. In a brief five-point summary of the case, the following is what is happening:
5 key points in the Star Health Insurance data breach
–Massive data breach hits Star Health Insurance
One of the biggest health insurers in India, Star Health Insurance, is accused of experiencing a serious data breach that exposed the private information and insurance coverage of more than 31 million clients. According to reports, the hacker, who goes by the handle xenZen, obtained 7.24TB of data and is selling it online for $150,000. According to reports, smaller batches of 100,000 documents are available for $10,000 apiece.
–Sensitive customer information stolen
Customer names, PAN numbers, cellphone numbers, email addresses, policy details, birthdates, and private medical records are among the allegedly exposed data. Significant worries have been raised by this hack over the security of personal information and the susceptibility of health data in India.
–Allegations against Star Health’s CISO
The hacker made the audacious allegation that Amarjeet Khanuja, the CISO of Star Health, enabled the theft by reportedly selling the data directly for $43,000. Whistleblower Deedy Das claims that Khanuja initially contacted xenZen over the encrypted app Tox, exchanging login passwords and API details for cryptocurrency. Before their relationship deteriorated, the two allegedly engaged in a number of transactions.
–Star Health denies allegations
Star Health Insurance has denied any internal involvement in the data leak, referring to it as a “targeted malicious attack.” Customers were reassured in their official statement that their services are still available and that a thorough investigation is being conducted. To protect consumer data, the insurance is collaborating with regulatory agencies and cybersecurity specialists.
–Legal action and forensic investigation launched
Star Health has filed a criminal complaint, including legal action against the hacker and Telegram, where some of the stolen data were allegedly transferred, and has started a forensic investigation into the breach. To lessen the harm and stop additional data abuse, the business is also working with governmental and regulatory organizations.