Personal data like mobile numbers, PAN, addresses and pre-existing medical conditions of about 3.1 crore customers of Star Health Insurance is allegedly available on a website created by a hacker identified as xenZen.
The hacker claimed that Star Health's Chief Information Security Officer (CISO) sold all the data and later tried to change the terms of their deal.
According to the details shared by the UK-based researcher Jason Parker on September 20, a hacker by the name of xenZen has published a website with sample data of Star Health Insurance Company and an email communication with a top official responsible for handling and managing the digital network of the company.
"I am leaking all Star Health India customers and insurance claims sensitive data. This leak is sponsored by Star Health and Allied Insurance Company, who sold this data to me directly," xenZen claimed.
Clarifying on the matter Star Health Insurance in a statement said, a thorough and rigorous forensic investigation, led by independent cybersecurity experts is underway, and the company is working closely with government and regulatory authorities at every stage of this investigation.
"We also timely approached the Madras High Court which in the attached order has directed all including certain third parties to disable access to the relevant information. We are diligently pursuing the implementation of this order," it said.
The company categorically mentioned that the CISO has been duly co-operating in the investigation and has not arrived at any finding of wrongdoing by him till date.
"We also want to emphasize that any unauthorised acquisition, possession, or dissemination of customer data is illegal. We urge all platforms, hosting companies, social media channels and users to take swift and decisive action to halt such activities and comply with the orders of the High Court," it said.
Meanwhile, Madras High Court has observed that protection is vital to prevent the continuous leakage of such sensitive data and referred the matter for further hearing on October 25.
The hacker has created Telegram bots to access data of 31,216,953 customers updated till July 2024 and 5,758,425 claims of the company available till early August.
The email conversation video showed the email ID of the senior company official. The conversation video shows email chat as well as a chat on an instant messaging forum between xenZen and the company official for the deal.
The deal was initially finalised for USD 28,000 but later the official demanded USD 150,000 on the pretext that he has to pay a share to senior-level management for continuation of the data leak, the hecker alleged.
Any leak of personal details of people makes them vulnerable to online scams
(Except for the headline, this story has not been edited by NDTV staff and is published from a syndicated feed.)
Featured Video Of The Day
Telegram Says It Can't Police All Chatbots in Star Health India Data Leak Indian Court Tells Star Health to Share Details of Leak so Telegram Can Delete Chatbots Star Health Faces $68,000 Ransom Demand After Major Data Leak, Launches Probe Parents On Mumbai Ferry Wanted To Toss Children In Sea. Rescuers Stopped Them 2 Dead As Saudi Doctor Drives BMW Into Crowded Christmas Market In Germany Video: The Moment When German Christmas Market Attack Suspect Was Arrested Sydney's Iconic New Year's Eve Fireworks Could Be Cancelled. Here's Why What Has Been The CAT Cutoff In 2023 For Top IIMs Israel's NSO Group Found Liable For Pegasus Hacking Of WhatsApp Users Track Latest News Live on NDTV.com and get news updates from India and around the world.