Star Health hacked:Data of 31 million customers available for free on Telegram – ET CISO
https://etimg.etb2bimg.com/thumb/msid-113587699,imgsize-24152,width-1200,height=765,overlay-etciso/cybercrime-fraud/star-health-hacked-name-address-phone-numbers-medical-reports-and-other-data-of-31-million-customers-available-for-free-on-telegram.jpg
A massive hacking at one of India’s largest health insurers, Star Health, has exposed the private details of over 31 million customers. The stolen data, including sensitive medical reports, has been made publicly accessible through chatbots on the messaging app, Telegram.
According to a report by news agency Reuters, the data of the insurer’s customers is available for free via chatbots on Telegram – the founder of which was recently arrested for allegedly allowing the platform to be used for criminal activities.
How hackers are making stolen data available on Telegram
According to the report, a user named “xenZen” has created chatbots that allow users to request and download various documents, including policy details, claims information, and even medical diagnoses. Reuters says that it was able to download more than 1,500 files that have names, phone numbers, addresses, tax details, copies of ID cards, test results and medical diagnoses of customers. It also claims that some documents are dated as recently as July 2024. UK-based security researcher Jason Parker told the news agency that he posed as a potential buyer on an online hacker forum where a user under the alias xenZen said they made the chatbots and possessed 7.24 terabytes of data.
“If this bot gets taken down watch out and another one will be made available in few hours,” a message read.
While Telegram has taken down the initial chatbots after being alerted by Reuters, new ones have reportedly appeared offering Star Health data. The chatbots were marked “SCAM” with a stock warning that users had reported them as suspect.
“The sharing of private information on Telegram is expressly forbidden and is removed whenever it is found. Moderators use a combination of proactive monitoring, AI tools and user reports to remove millions of pieces of harmful content each day,” said Telegram spokesperson Remi Vaughn said.
What Star Health has to say
The company has acknowledged the breach and is working with law enforcement to address the issue. It said an initial assessment showed “no widespread compromise” and that “sensitive customer data remains secure”.
“The unauthorised acquisition and dissemination of customer data is illegal, and we are actively working with law enforcement to address this criminal activity. Star Health assures its customers and partners that their privacy is of paramount importance to us,” the insurance company said in a statement.