A forensic investigation by an independent firm that went into the allegations made by a hacker against Star Health Insurance’s chief information security officer (CISO) has revealed that there was no evidence of any wrongdoing by the CISO.

Earlier, the hacker, whom the company refers to as a threat actor (an unknown person or group of persons), had charged that the CISO was behind the company’s massive customer data breach.

The firm, an expert in cybersecurity matters and which was appointed by the company, has concluded that the alleged communication between the threat actor and CISO was fabricated by the former and that there were no links between the CISO and the incident, Star Health Insurance informed the stock exchange on Monday.

The risk management committee (RMC) and IT committee (ITC) of the board of the company (committees) in their meeting on Monday discussed the issue. The chief risk officer (CRO) presented to the committee the modus operandi used by the hacker for data exfiltration and the forensic audit findings in this connection. He explained that the investigation did not uncover any links between the CISO and the cyber incident, and no incriminating evidence was found.

Pursuant to the orders passed by the Madras high court and Indian Cyber Crime Coordination Centre, all known websites on which the hacker had publicly exposed certain data and Telegram bots deployed have been taken down, it added.

The regulatory filing further said the committee advised the company to strengthen its information security systems and update it periodically on the progress made as against the presented action plan.

Join the community of 2M+ industry professionals

Subscribe to our newsletter to get latest insights & analysis.

Download ETCISO App

• Get Realtime updates
• Save your favourite articles

Scan to download App