Star Health Cyber attack: Star Health and Allied Insurance was hit by a malicious cyber attack that resulted in “unauthorised and illegal access to certain data,” the Indian health insurance provider confirmed on Wednesday, October 9.
Stating that its operations remained unaffected, Star Health said, “A thorough and rigorous forensic investigation, led by independent cybersecurity experts, is underway, and we are working closely with government and regulatory authorities at every stage of this investigation, including by duly reporting the incident to the insurance and cybersecurity regulatory authorities apart from filing a criminal complaint.”
Headquartered in Chennai, Star Health offers health insurance to over 17 crore Indians through a vast network of around 14,000 hospitals and 850 offices in the country. It also provides personal accident as well as overseas and travel insurance.
While it is uncertain if the breach involved customers’ data and how hackers were able to access the sensitive information, here’s what we do know about the hack that could potentially impact crores of Indian customers.
The personal data belonging to over 3.1 crore Star Health policyholders as well as information pertaining to over 5.8 million claims were made publicly accessible last month via Telegram chatbots, according to a report by Reuters.
Hackers reportedly used Telegram chatbots to share samples of the personal data with potential buyers. The personal health data on sale included phone numbers, addresses, tax details, copies of ID cards, test results, and medical diagnosis reports of victims.
A day later, Telegram reportedly took down the chatbots after initially marking them as ‘Scam’ with a label warning that users had reported the bots as suspicious. Hackers have used Telegram chatbots to sell stolen data in the past as well. In June last year, an automated Telegram account was used to allegedly share sensitive personal information of Indian citizens – including their Aadhaar and passport numbers – who signed up for the CoWIN portal for their COVID-19 vaccination.
Weeks after the Telegram bots were taken down, the unknown hackers reportedly built a website that listed the Star Health dataset for sale at $150,000 (approx. Rs 1.25 crore).
“I am leaking all Star Health India customers and insurance claims sensitive data. This leak is sponsored by Star Health and Allied Insurance Company, which sold this data to me directly. You can check the authenticity of the data in the Telegram bots below and read about how they sold it in the section below,” the hackers’ website read.
They also alleged that Star Health’s chief information security officer sold them the data.
Star Health has moved the Madras High Court against Telegram for hosting the chatbots that were used to sell the stolen data. The legal complaint filed by the insurer also accuses US-based software company Cloudflare of hosting the websites set up by the hackers to offer the stolen dataset for sale.
However, Cloudflare has denied that it hosted the web domains in question.
On the alleged involvement of its CISO Amarjeet Khanuja in the data breach, Star Health said, “We also want to categorically mention that our CISO has been duly co-operating in the investigation, and we have not arrived at any finding of wrongdoing by him till date. We request that his privacy be respected as we know that the threat actor is trying to create panic.”
Meanwhile, Star Health’s shares fell by 2.5 per cent on Thursday morning and are currently trading at Rs 566.