Star Health Data Leak: Telegram Removes Bots, Monitors Recreation

New Delhi, Oct 11 (PTI) Messaging app Telegram has taken decisive action against bots that were reported for sharing sensitive data related to Star Health and Allied Insurance Company, and is actively keeping an eye on their re-emergence, a company statement said.

"The bots reported to Telegram for sharing Star Health data were immediately removed and moderators are monitoring to prevent them from being recreated. The sharing of private information on Telegram is expressly forbidden and such content is deleted whenever it is found," the statement said.

Last month, Star Health had sent a legal notice to Telegram, accusing it of hosting chatbots that shared the leaked data, the statement said, adding that Telegram has consistently maintained its stance on data privacy and cooperation with the investigation.

Telegram, in a note titled "Is blaming the Intermediary the new norm in Data Breach Incidents?", said it is becoming increasingly clear that Star Health may have tried to pass the buck to Telegram and Cloudfare.

On September 27, 2024, Telegram had said it had deleted the original two bots sharing this data when they were discovered and any newly-created bots attempting to share this data were likely removed as part of a massive sweep of Telegram's searchable content which resulted in an estimated 90 per cent of harmful content there being removed.

Personal data like mobile numbers, addresses and pre-existing medical conditions of more than 3.1 crore customers of Star Health were allegedly sold by a senior company official, as reported on September 20, 2024.

According to the details shared by the UK-based researcher Jason Parker, a hacker by the name of xenZen had published a website with sample data of Star Health and an e-mail communication with a top official responsible for handling and managing digital network of the company.

"I am leaking all Star Health India customers and insurance claims sensitive data. This leak is sponsored by Star Health and Allied Insurance Company, which sold this data to me directly. You can check the authenticity of the data in the Telegram bots below and read about how they sold it in the section below," the hacker's website read.

The hacker had created Telegram bots to access data of 31,216,953 customers updated till July 2024 and 5,758,425 claims of the company available till early August.

The hacker claimed that Star Health's Chief Information Security Officer (CISO) sold all the data and later tried to change the terms of their deal.

Parker on October 3, 2024, updated that the threat actor has now self-hosted their data leak bots, making it nearly impossible to get it down permanently.

Clarifying the matter, Star Health in a statement had said that a thorough and rigorous forensic investigation, led by independent cybersecurity experts is underway, and the company is working closely with government and regulatory authorities at every stage of this investigation.

"We also timely approached the Madras High Court which in the attached order has directed all including certain third parties to disable access to the relevant information. We are diligently pursuing the implementation of this order," it had said.

The company categorically mentioned that the CISO has been duly cooperating in the investigation and has not arrived at any finding of wrongdoing by him to date.