Amitha Reji George, Pune
In the website developed by a hacker identified as XenZen is allegedly exposing personal information including phone numbers, PAN, addresses and prior medical conditions of about 3.1 crore star health insurance clients.
The Chief Information Security Officer (CISO) of star health sold all the data and then attempted to modify the terms of the agreements, the hacker claimed.
Based on information released by UK-based researcher Jason Parker on September 20, a hacker using the handle XenZen created a website including sample data from Star Health Insurance company and sent an email to the top official in charge of managing and handling the company’s digital network.
Provided clarification on the issue, according to a statement released by star health insurance an in depth and rigorous forensic investigation headed by independent cybersecurity specialists is currently in progress, and the organization is collaborating closely with Government and regulatory authorities throughout the whole enquiry process.
The report stated, we also petitioned the Madras High Court, in which it instructed everyone including some third parties to block access to relevant data. We are working hard to carry out these orders.
The company made it clear that the CISO has been fully cooperating with the inquiry and that, as of now, no wrongdoing has been found on his part. Also, we wish to stress that it is unlawful to obtain, possess or distribute client data without authorisation. We ask all social media platforms, hosting companies to act quickly and firmly to stop these kinds of actions and follow the High Court’s directives, the statement added.
The Madras High Court has referred the case for an additional hearing on October 25 after noting that protection is essential to stop the ongoing leakage of sensitive data.
The hacker built Telegram bots, in order to get access to 31,216,953 clients data that is updated until July 2024 and 5,758,425 claims that are available till early August.
The agreement was first finalized for USD 28,000, but the hacker said that the official then requested USD 150,000 on the grounds that he must give a portion to senior-level management in order for the data leak to continue.
People become more susceptible to internet scams once their personal information is leaked.