Big Data Leak in Star Health Insurance: 3.1 crore customers at risk, Data sold on Telegram

A major data leak has taken place at Star Health Insurance Company. Hackers are selling the data of over 3 crore customers on Telegram and allege that Star Health’s Chief Information Security Officer (CISO) sold this data to them. The hackers are now offering the entire dataset for $150k. For this purpose they have created Telegram bots and a dedicated website: https://starhealthleak.st/. They claim to possess a significant amount of Star Health Insurance customer data up to July 2024:

  • Insurance Claims Data: 5,758,425 claims
  • Total Data: 7.24 TB
  • Customer Data: 31,216,953 customers

The hackers claim to hold the following data fields:

  • Full Name
  • PAN No.
  • Mobile No.
  • Email
  • Date of Birth
  • Residential Address
  • Insured Date of Birth
  • Insured Name
  • Gender
  • Pre-existing Disease
  • Policy Number
  • Health Card
  • Nominee Name
  • Nominee Age
  • Nominee Claim %
  • Nominee Relationship
  • Insured Height
  • Weight
  • BMI
  • Aadhaar Card Photo
  • PAN Card Photo
  • Detailed Medical/Health Reports
  • Contact Details
  • Insurance Claim Details
  • Amount Details
  • etc..

Star Health and Allied Insurance confirmed on Wednesday, October 9, that they were hit by a cyber attack resulting in “unauthorised and illegal access to certain data.” Despite this, the company stated that its operations remained unaffected. A thorough forensic investigation is underway, led by independent cybersecurity experts. Star Health is also working closely with government and regulatory authorities, including reporting the incident to insurance and cybersecurity regulators and filing a criminal complaint.

Star Health, headquartered in Chennai, provides health insurance to over 17 crore Indians through a network of around 14,000 hospitals and 850 offices. The company also offers personal accident and travel insurance.

Data Breach Details:

While it remains unclear which customer data was compromised or how the hackers accessed the sensitive information, reports indicate that the data of over 3.1 crore policyholders and information on more than 5.8 million claims were made publicly accessible via Telegram chatbots.

Use of Telegram Chatbots:

The hackers used Telegram chatbots to share samples of the stolen personal data, including phone numbers, addresses, tax details, copies of ID cards, test results, and medical diagnosis reports. Although Telegram removed the chatbots after flagging them as a scam, the hackers later built a website offering the stolen data for sale at $150,000 (approximately Rs 1.25 crore). The hackers also claimed that Star Health’s Chief Information Security Officer (CISO) sold them the data. The sequence of events, as described in the details they shared:

  1. On July 6, 2024, Khanuja contacted xenZen through an encrypted chat app called Tox, after being referred by a middleman named denol.
  2. They agreed on $28,000 in Monero (a cryptocurrency) in exchange for customer data.
  3. Khanuja provided login credentials and API details via ProtonMail; the hacker paid and received the data.
  4. On July 20, Khanuja offered more claims data for an additional $15,000, and they repeated the transaction.
  5. Five days later, the hacker’s access was revoked. Khanuja then demanded $150,000, claiming senior management wanted a cut.
  6. When the hacker refused, the hacker listed the data for sale online.
  7. By September 25, a website called starhealthleak was launched, offering customer and claims data through Telegram bots.

Star Health’s Response:

Star Health has taken legal action, filing a complaint against Telegram for hosting the bots used in the data breach and Cloudflare, which they allege hosted the hackers’ website. Cloudflare, however, denied hosting the domains. Regarding the allegations against their CISO, Star Health stated that he has been cooperating with the investigation, and no wrongdoing has been found. The company urged that his privacy be respected.
