Who hacked Star Health Insurance? Stolen data of 31 million customers put on sale online
Besides personal info like names, dates of birth, mobile numbers and email IDs, sensitive details like PAN and salary were also leaked in the data breach
Besides personal info like names, dates of birth, mobile numbers and email IDs, sensitive details like PAN and salary were also leaked in the data breach
Besides personal info like names, dates of birth, mobile numbers and email IDs, sensitive details like PAN and salary were also leaked in the data breach
Besides personal info like names, dates of birth, mobile numbers and email IDs, sensitive details like PAN and salary were also leaked in the data breach
Leading insurer Star Health Insurance admitted to a shocking data breach after private data of millions of customers were compromised.
The details include names, PAN, salary, mobile numbers, email IDs, dates of birth, residential addresses, policy numbers, pre-existing conditions and other health details
Who hacked Star Health Insurance?
A user, identified as xenZen, took responsibility for the hacking, alleging that Amarjee Khanuja, the Chief Information Security Officer at Star Health Insurance, sold the data to them directly for $43,000.
The insurance details of the customers have now been put on sale by the hacker who allegedly leaked 7.24 TB data consisting information about more than 31 million customers. The whole data was offered for $150,000 while they were partially offered in bundles of 1 lakh customer records at $10,000.
The incident camme to light when X user Deedy Das raised alarm about the data leak, saying "Nothing is private in India." Deedy said Khanuja contacted xenZen through Tox, an encrypted chat messenger, on July 26. They cut a deal for $28,000 Monero, a cryptocurrency, in exchange for the data. Following this, hacker made the payment and accessed the data using login credentials and API details provided by Khanuja via ProtonMail.
Khanuja allegedly sold more data for another $15,000 on July 20. However, Khanuja revoked the access within a week, demanding $150,000 for senior management. However, the hacker refused and the data was listed for sale online. In September, a website was set up to offer customer data through Telegram bots.
However, Star Health has dismissed allegations about its involvement in the "targeted malicious attack". It has filed a lawsuit against the hacker as well as Telegram, where the data was leaked initially
Claiming its operations are fully functional and services to customers are unaffected, the health insurer said a probe is being carried out by its cybersecurity team. "We continue to work in conjunction with authorities to ensure that customer data remains protected,” said the company.