- Star Health confirmed a data breach that led to unauthorized access of sensitive customer information but stated that operations were unaffected.
- Hackers used Telegram chatbots to leak data of over 31 million Star Health policyholders, including personal details and medical reports.
Star Health and Allied Insurance, one of India’s leading health insurance firms, has confirmed a “malicious cyberattack” that compromised sensitive customer data. The Chennai-based insurer revealed that the breach led to “unauthorized and illegal access to certain data” but said that its operations and services remained unaffected.
The company stated:
“A thorough and rigorous forensic investigation, led by independent cybersecurity experts, is underway, and we are working closely with government and regulatory authorities at every stage of this investigation, including by duly reporting the incident to the insurance and cybersecurity regulatory authorities apart from filing a criminal complaint.”
The breach comes two weeks after a hacker group claimed to have posted health records and other personal information online. In September, the hackers used Telegram chatbots to leak personal data belonging to over 31 million Star Health policyholders, including names, phone numbers, addresses, medical reports, and insurance claims. Copies of customer ID cards and tax details were also reportedly shared.
In response, Star Health filed a complaint with the Madras High Court against Telegram for hosting these chatbots and named Cloudflare in the lawsuit for supporting the hacker group's websites.
India’s CERT-In stated that it is “already in process of taking appropriate action with the concerned authority.”
Star Health’s Chief Information Security Officer (CISO), Amarjeet Khanuja, is cooperating in the investigation, with the insurer stating, “we have not arrived at any finding of wrongdoing by him till date.”
As the investigation continues, details on how the data breach occurred and the identity of the perpetrators remain unclear. Star Health has yet to confirm whether the breach was due to an insider threat or an external attack.
Edited by Harshajit Sarmah