Winning Bizness Desk

Mumbai – A massive data breach at Star Health and Allied Insurance has surfaced, with a hacker claiming to have sensitive personal information of over 31 million customers. This development comes just weeks after the company filed a lawsuit against the social media platform Telegram and an unidentified hacker over the alleged data leak. On Wednesday, a new website was launched by a hacker identified as "xenZen," where the stolen data was reportedly put up for sale.

The hacker claims to possess highly sensitive information, including customers' PAN details, home addresses, and other personal data. This data is allegedly being sold for 150,000 dollars. On the website, the hacker stated, "I am leaking sensitive data of all customers and insurance claims of Star Health India," adding that the company itself allegedly sold the data directly to him. The website further provides a preview of more than 500 random data samples, which include details of government officials and ordinary citizens, such as email addresses, residential addresses, policy details, and mobile numbers. Smaller packages of 100,000 entries are being offered for $10,000, with an option to negotiate custom deals.

Accusations Against Star Health's CISO

The hacker also accused Star Health’s Chief Information Security Officer (CISO), Amarjeet, of being involved in the data sale. He claimed that Amarjeet initially sold the data but later attempted to alter the terms of their agreement. The hacker alleges he has video evidence of chats and emails with Amarjeet to support his claim.

Lawsuit Filed

This breach comes on the heels of Star Health’s legal action filed on September 26 against Telegram and the hacker, accusing them of leaking company data through the messaging app. The lawsuit points to "xenZen," the same hacker now involved in the current scandal. The extent to which the lawsuit and the newly surfaced website are linked remains unclear, but the hacker has been identified by the same pseudonym in both instances.

Data Security Concerns

The breach has raised significant concerns about the security of customer information at large companies like Star Health, especially in sectors like insurance, which handle sensitive personal data. With customer information being made available for sale, the situation poses a risk of identity theft, fraud, and other cybercrimes. Star Health has yet to issue a detailed statement addressing the hacker’s allegations or the specifics of the data leak. However, experts stress the need for stronger cybersecurity measures and transparency to protect customer data and avoid future incidents of this scale. The situation remains under investigation, with both legal and cybersecurity experts working to determine the scope of the breach and take steps to mitigate the potential damage caused by the leak.