Breaking News: Star Health and Allied Insurance Investigating Cybersecurity Incident with Leak of Sensitive Customer Data
Star Health and Allied Insurance, one of India's largest health insurance companies, is currently investigating a cybersecurity incident that has resulted in the alleged leak of sensitive customer data, including medical records. The Chennai-based insurance giant has confirmed that a forensic investigation is underway after data stolen from the company was shared online.
A hacker group recently utilized chatbots on Telegram to leak personal data of Star Health's policyholders, such as full names, phone numbers, addresses, medical reports, insurance claims, ID cards, and tax details. Multibagger was the first to report on the Telegram chatbots leaking this alleged customer data. Star Health, which has provided coverage to 170 million individuals, has not yet commented on the incident.
The hacker group also created a website to share the data, including a video allegedly showing conversations between Star Health's CISO and the hackers. The insurer has taken legal action against Telegram for hosting the chatbots and Cloudflare for hosting the hacker group's website.
In response to the lawsuit, the court has issued interim injunctions to Telegram and Cloudflare to restrict the use of their platforms by the hacker group. TechCrunch has verified that the hacker group's website is inaccessible from certain internet providers in India, though accessible from others.
Star Health, with a vast network of hospitals and branch offices across India, has processed over $3.6 billion in claims. The insurer offers health, personal accident, and travel insurance. Telegram, Cloudflare, and India's CERT-In have not responded to requests for comment.
In conclusion, this cybersecurity incident highlights the importance of data protection and the potential risks involved in storing sensitive information online. Customers should be vigilant about sharing personal data and consider the security measures taken by companies to protect their information. This incident serves as a reminder of the ongoing threat of cyberattacks and the need for robust cybersecurity measures in today's digital world.