Who hacked Star Health Insurance? Stolen data of 31 million customers put on sale online

Besides personal info like names, dates of birth, mobile numbers and email IDs, sensitive details like PAN and salary were also leaked in the data breach


Leading insurer Star Health Insurance admitted to a shocking data breach after private data of millions of customers was compromised.

The leaked data not only includes personal info like names, dates of birth, mobile numbers and email IDs, but also sensitive details like PAN, salary, residential addresses, policy numbers, pre-existing conditions and other health details.

Who hacked Star Health Insurance?

A user, identified as xenZen, took responsibility for the hacking, alleging that Amarjee Khanuja, the Chief Information Security Officer at Star Health Insurance, sold the data to them directly for $43,000. 

The insurance details of the customers have now been put on sale by the hacker, who allegedly leaked 7.24 TB of data containing information about more than 31 million customers. The whole data set was offered for $150,000, while parts of it were offered in bundles of 1 lakh customer records at $10,000.

The incident came to light when X user Deedy Das raised the alarm about the data leak, saying "Nothing is private in India." Deedy alleged that Khanuja contacted xenZen through Tox, an encrypted chat messenger, on July 26. They allegedly cut a deal for $28,000 in Monero, a cryptocurrency, in exchange for the data. Following this, the hacker made the payment and accessed the data using login credentials and API details allegedly provided by Khanuja via ProtonMail.

Khanuja allegedly sold more data for another $15,000 on July 20. Deedy alleged that Khanuja, however, revoked the access within a week, demanding $150,000 for senior management. But the hacker refused and later the data was listed for sale online. In September, a website was set up to offer customer data through Telegram bots.

However, Star Health has dismissed allegations about its involvement in the "targeted malicious attack". It has filed a lawsuit against the hacker as well as Telegram, where the data was leaked initially.

Claiming its operations are fully functional and services to customers are unaffected, the health insurer said a probe is being carried out by its cybersecurity team. "We continue to work in conjunction with authorities to ensure that customer data remains protected," said the company.
