Star Health Insurance has officially confirmed that it has become a victim of a significant and alarming data breach, prompting widespread concern regarding the security and privacy of its millions of customers. This cyberattack has raised serious alarms about the vulnerability of sensitive personal and insurance information, as reports indicate that crucial data has been compromised, with claims that the stolen information is currently being offered for sale on the dark web.
The breach was reportedly executed by a hacker who identifies himself as xenZen, and he claims to have accessed an astounding 7.24 terabytes of data, impacting over 31 million customers. The hacker is allegedly attempting to sell this vast trove of sensitive data for a staggering sum of $150,000, while smaller batches containing 100,000 customer records are priced at $10,000 each. The implications of this breach are far-reaching and profound, given that the stolen data encompasses highly sensitive information, including customers' names, Permanent Account Number (PAN) details, mobile and email addresses, birthdates, residential addresses, policy numbers, comprehensive details regarding pre-existing health conditions, health card numbers, and a host of other confidential medical records. Such a breach poses a significant risk to customer privacy and overall security, raising the potential for identity theft and fraud.
Adding to the severity of the situation, the hacker has made bold allegations against Star Health's Chief Information Security Officer (CISO), Amarjeet Khanuja, claiming that he played a direct role in facilitating the data breach. According to the hacker, Khanuja allegedly "sponsored" the breach by selling sensitive customer information directly to the hacker for a sum of $43,000. This shocking assertion includes claims about the sale of detailed records related to 31 million Indian customers, incorporating not only personal details but also sensitive information such as salary and PAN card information.
In light of this distressing incident, Star Health Insurance has issued a formal statement acknowledging the breach. The company confirmed that it had been targeted by a malicious cyberattack, which led to unauthorized access to certain data. They reassured their customers that business operations remained unaffected and that all services continued without any disruption, despite the ongoing crisis.
In response to the breach, the company has initiated a thorough forensic investigation, led by independent cybersecurity experts, to assess the extent of the breach and identify vulnerabilities that may have been exploited during the attack. Star Health is collaborating closely with government and regulatory authorities throughout this complex process and has reported the incident to relevant insurance and cybersecurity regulatory bodies. Additionally, a criminal complaint has been filed against the perpetrators of this cybercrime, underscoring the seriousness with which the company is treating this matter.
Star Health has also taken legal action by approaching the Madras High Court regarding the breach, which has ordered all parties involved to disable access to the stolen data immediately. The company has expressed its commitment to adhere to this court directive and to ensure that any remaining vulnerabilities are addressed promptly.
While Star Health reiterated its unwavering dedication to customer privacy and data security, it emphasized that its CISO is fully cooperating with the ongoing investigation. Importantly, the company noted that no wrongdoing has been established against him at this time. The firm believes that the hacker’s attempts to sensationalize the situation are meant to create unnecessary panic among its customer base and undermine public trust.
In its communications, Star Health has underscored that any unauthorized acquisition, possession, or dissemination of customer data is illegal, calling on all platforms, hosting companies, social media channels, and users to take immediate and effective action to curb such illegal activities and comply with the court's orders.
Furthermore, the insurance provider has reassured its customers and partners that maintaining privacy and ensuring robust data security measures are paramount to its operations. "We have robust security measures in place," the company stated firmly, emphasizing its commitment to preserving the trust and confidence of its customers in the wake of this serious security breach. Star Health has vowed to take every possible step to strengthen its defenses and prevent similar incidents in the future, acknowledging the trust that customers place in them to safeguard their personal information. The company is keenly aware that trust is integral to its business model and is committed to restoring and enhancing that trust as they navigate this challenging situation.
Â
