Personal data of about 3 crore Star Health customers up for sale online; hacker alleges top official for breach

Personal information similar mobile numbers, PAN, addresses and pre-existing aesculapian conditions of astir 3.1 crore customers of Star Health Insurance is allegedly disposable connected a website created by a hacker identified arsenic xenZen.

The hacker claimed that Star Health's Chief Information Security Officer (CISO) sold each the information and aboriginal tried to alteration the presumption of their deal.

According to the details shared by the UK-based researcher Jason Parker connected September 20, a hacker by the sanction of xenZen has published a website with illustration information of Star Health Insurance Company and an email connection with a apical authoritative liable for handling and managing the integer web of the company.

"I americium leaking each Star Health India customers and security claims delicate data. This leak is sponsored by Star Health and Allied Insurance Company, who sold this information to maine directly," xenZen claimed.

Clarifying connected the substance Star Health Insurance successful a connection said, a thorough and rigorous forensic investigation, led by autarkic cybersecurity experts is underway, and the institution is moving intimately with authorities and regulatory authorities astatine each signifier of this investigation.

"We besides timely approached the Madras High Court which successful the attached bid has directed each including definite 3rd parties to disable entree to the applicable information. We are diligently pursuing the implementation of this order," it said.

The institution categorically mentioned that the CISO has been duly co-operating successful the probe and has not arrived astatine immoderate uncovering of wrongdoing by him till date.

"We besides privation to stress that immoderate unauthorised acquisition, possession, oregon dissemination of lawsuit information is illegal. We impulse each platforms, hosting companies, societal media channels and users to instrumentality swift and decisive enactment to halt specified activities and comply with the orders of the High Court," it said.

Meanwhile, Madras High Court has observed that extortion is captious to forestall the continuous leakage of specified delicate information and referred the substance for further proceeding connected October 25.

The hacker has created Telegram bots to entree information of 31,216,953 customers updated till July 2024 and 5,758,425 claims of the institution disposable till aboriginal August.

The email speech video showed the email ID of the elder institution official. The speech video shows an email chat arsenic good arsenic a chat connected an instant messaging forum betwixt xenZen and the institution authoritative for the deal.

The woody was initially finalised for USD 28,000 but aboriginal the authoritative demanded USD 150,000 connected the pretext that helium has to wage a stock to senior-level absorption for continuation of the information leak, the ha alleged.

Any leak of idiosyncratic details of radical makes them susceptible to online scams.