Star Health Data Leak: 3.1 Cr Customers Affected
By Rediff Money Desk, New Delhi Sep 20, 2024 21:08
A cyber security researcher claims a Star Health Insurance official sold personal data of over 3.1 crore customers, including mobile numbers, addresses, and medical conditions. The company has confirmed the leak and is investigating.
New Delhi, Sep 20 (PTI) Personal data like mobile numbers, addresses and pre-existing medical conditions of more than 3.1 crore customers of Star Health and Allied Insurance Company have been allegedly sold by a senior company official, a UK-based cyber security researcher has claimed.
A query sent to Star Health Insurance over the claims did not elicit any reply till the filing of the news report.
However, the company has sent emails to its customers alerting them about the possibility of fraudulent activity by third parties.
According to the details shared by the UK-based researcher Jason Parker on Friday, a hacker by the name of xenZen has published a website with sample data of Star Health Insurance Company and an email communication with a top official responsible for handling and managing digital network of the company.
"I am leaking all Star Health India customers and insurance claims sensitive data. This leak is sponsored by Star Health and Allied Insurance Company, who sold this data to me directly," xenZen claimed.
The hacker has created Telegram bots to access data of 31,216,953 customers updated till July 2024 and 5,758,425 claims of the company available till early August.
The email conversation video showed the email ID of the senior company official. The conversation video shows email chat as well as a chat on an instant messaging forum between xenZen and the company official for the deal.
The deal was initially finalised for USD 28,000 but later the official demanded USD 150,000 on the pretext that he has to pay a share to senior-level management for continuation of the data leak.
Any leak of personal details of people make them vulnerable to online scams.
Star Health on its part has alerted its customers about the possibility of fraudulent activities by third parties.
"It has come to our attention that certain third parties may be attempting to engage in unauthorised activities by falsely representing themselves as STAR Health officials and encouraging customers to discontinue their existing policy with us. These fraudulent acts not only pose a risk to your personal information but also potentially jeopardize the long-term benefits of your policy," the email to customers read.
The company on August 14 informed BSE that it is in receipt of e-mails from an unidentified person claiming to have unauthorized access to a few claims data.
"Our cybersecurity team is already investigating the matter and simultaneously a police complaint has been filed. The Company has adequate cybersecurity systems and controls, which are in accordance with IRDAI and other regulatory norms. We will issue further updates in accordance with the extant regulations," Star Health had said.
The company had also reported about a cyber fraud related incident in December 2022.
Star Health had on March 23, 2023 informed BSE about the incident and said that during its regular assessment it observed an unauthorised access to the company's mobile application.
In April 2023, a writ petition was filed in the Madras High Court by a cyber security researcher Himanshu Pathak against Star Health demanding action against the company for exposing the sensitive customer data including of the petitioner.
From the documents submitted in the writ petition, Pathak (CyberX9) reported the vulnerabilities exposing the sensitive data of all customers to Star Health in December 2022 and also reported the same to CERT-In.
The matter is still sub-judice in the Pathak's case.
A query sent to Star Health Insurance over the claims did not elicit any reply till the filing of the news report.
However, the company has sent emails to its customers alerting them about the possibility of fraudulent activity by third parties.
According to the details shared by the UK-based researcher Jason Parker on Friday, a hacker by the name of xenZen has published a website with sample data of Star Health Insurance Company and an email communication with a top official responsible for handling and managing digital network of the company.
"I am leaking all Star Health India customers and insurance claims sensitive data. This leak is sponsored by Star Health and Allied Insurance Company, who sold this data to me directly," xenZen claimed.
The hacker has created Telegram bots to access data of 31,216,953 customers updated till July 2024 and 5,758,425 claims of the company available till early August.
The email conversation video showed the email ID of the senior company official. The conversation video shows email chat as well as a chat on an instant messaging forum between xenZen and the company official for the deal.
The deal was initially finalised for USD 28,000 but later the official demanded USD 150,000 on the pretext that he has to pay a share to senior-level management for continuation of the data leak.
Any leak of personal details of people make them vulnerable to online scams.
Star Health on its part has alerted its customers about the possibility of fraudulent activities by third parties.
"It has come to our attention that certain third parties may be attempting to engage in unauthorised activities by falsely representing themselves as STAR Health officials and encouraging customers to discontinue their existing policy with us. These fraudulent acts not only pose a risk to your personal information but also potentially jeopardize the long-term benefits of your policy," the email to customers read.
The company on August 14 informed BSE that it is in receipt of e-mails from an unidentified person claiming to have unauthorized access to a few claims data.
"Our cybersecurity team is already investigating the matter and simultaneously a police complaint has been filed. The Company has adequate cybersecurity systems and controls, which are in accordance with IRDAI and other regulatory norms. We will issue further updates in accordance with the extant regulations," Star Health had said.
The company had also reported about a cyber fraud related incident in December 2022.
Star Health had on March 23, 2023 informed BSE about the incident and said that during its regular assessment it observed an unauthorised access to the company's mobile application.
In April 2023, a writ petition was filed in the Madras High Court by a cyber security researcher Himanshu Pathak against Star Health demanding action against the company for exposing the sensitive customer data including of the petitioner.
From the documents submitted in the writ petition, Pathak (CyberX9) reported the vulnerabilities exposing the sensitive data of all customers to Star Health in December 2022 and also reported the same to CERT-In.
The matter is still sub-judice in the Pathak's case.
Source: PTI
DISCLAIMER - This article is from a syndicated feed. The original source is responsible for accuracy, views & content ownership. Views expressed may not reflect those of rediff.com India Limited.
You May Like To Read
TODAY'S MOST TRADED COMPANIES
- Company Name
- Price
- Volume
- Vodafone Idea L
- 8.21 ( -0.97)
- 32294573
- Rajnish Wellness
- 1.76 ( -4.35)
- 20289674
- YES Bank Ltd.
- 20.84 (+ 3.63)
- 19341545
- Filatex Fashions
- 0.97 (+ 4.30)
- 19139371
- AvanceTechnologies
- 0.91 ( 0.00)
- 18843505
MORE NEWS
Sebi Revises Mobile & Email Alert Guidelines...
Sebi updates guidelines on shared mobile numbers and email addresses for investor...
TBO Tek Stake Sale: 5.9% Offloaded for Rs 935...
Augusta TBO (Singapore) and TBO Korea Holdings sold a combined 5.9% stake in TBO Tek...
GST Rate Rationalisation: GoM Yet to Submit...
The CBIC clarifies that the GoM on GST rate rationalisation has not yet submitted its...