Indian health insurer Star Health has reportedly become the victim of a data breach, with sensitive information on more than 31 million customers leaked via chatbots on Telegram.
The company, with a market capitalisation of more than $4bn (Rs334.17bn), confirmed the alleged unauthorised data access and has reported it to local authorities, Reuters said.
An initial assessment by Star Health suggested that there was “no widespread compromise”.
The insurer also confirmed that “sensitive customer data remains secure”.
However, using the chatbots, Reuters could access policy and claims documents containing personal details of customers, highlighting a significant security lapse.
Star Health reported an unidentified individual claiming to have some of their data on 13 August.
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Thank you!
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form
By GlobalDataThe insurer has since contacted the cybercrime department of Tamil Nadu and the federal cybersecurity agency Indian Computer Emergency Response Team (CERT-In).
On 14 August, Star Health disclosed to the stock exchange that it was investigating an alleged breach of “a few claims data”.
The incident not only raises concerns about the security measures of Indian companies but also underscores the challenges faced by Telegram in preventing misuse of its platform.
Representatives for CERT-In and the Tamil Nadu cybercrime department have yet to respond to Reuters’ requests for comment.
“The unauthorised acquisition and dissemination of customer data is illegal, and we are actively working with law enforcement to address this criminal activity. Star Health assures its customers and partners that their privacy is of paramount importance to us,” the insurer said in its statement.
Reuters noted that the chatbots, credited to “xenZen”, have been active since at least 6 August, according to UK-based security researcher Jason Parker.
Parker, posing as a potential buyer on an online hacker forum, learned from a user with the alias xenZen that they had access to 7.24 terabytes of data from more than 31 million Star Health customers.
The data is available for free in small quantities but is being sold in bulk, the report added.