Hackers have alleged that the Chief Information Security Officer (CISO) of Star Health Insurance, Amarjeet Khanuja, sold them sensitive data of over 31 million customers.
The data, including names, birth dates, addresses, phone numbers, PAN card details, and salaries, is being sold for $150,000.
The Star Health breach, which is considered one of India’s largest, has raised significant concerns over customer privacy and data security.
The hacker responsible for the security breach reportedly distributed confidential information using Telegram chatbots. This included granting users access to policy specifics, details about insurance claims, and even medical diagnoses.
Analyse Any Suspicious Links Using ANY.RUN’s New Safe Browsing Tool: Try for Free
According to Das’ report, the hacker, identified as xenZen, claims to have obtained the data directly from Khanuja and has created a website to sell the information.
The leak website offers the entire dataset for $150,000 and smaller packages of 100,000 entries for $10,000 each.
The hacker has also provided over 500 random data samples on the website, including information on Indian government officials, to prove the authenticity of the data.
The allegations against Khanuja are based on email screenshots and a video showing conversations between the hacker and the CISO. The emails allegedly show Khanuja providing illegal API access to the customer data and demanding $150,000 for the information.
Star Health Insurance has acknowledged the breach but downplayed its severity, claiming that there was “no widespread compromise” and assuring customers that their data remains secure. However, the company had earlier filed lawsuits against Telegram and an unknown hacker for leaking customer data.
The breach has significant implications for the affected individuals, who are now vulnerable to identity theft, financial fraud, targeted scams, hacking of other online accounts, phishing attacks, account takeovers, and extortion.
As the investigation unfolds, customers are advised to take extra precautions when handling emails, calls, and messages related to Star Health in the coming months.
Strategies to Protect Websites & APIs from Malware Attack => Free Webinar