Star Health, India’s primary provider of health insurance, encountered a major breach of data recently, leading to the disclosure of private personal data of over 31 million clients.
The breach was made possible by chatbots present on the renowned messaging platform Telegram, thereby highlighting serious concerns regarding data security and the exploitation of technology mediums.
Initially discovered by cybersecurity expert Jason Parker from the UK, the breach was brought to light through Telegram chatbots that were offering access to the customer information of Star Health.
The stolen data consists of various details such as names, contact numbers, addresses, tax particulars, identity card copies, medical diagnoses, and examination outcomes. This information is accessible in small quantities for free, and it can also be obtained in bulk for a substantial amount totaling 7.24 terabytes.
The individual responsible for the creation of these chatbots operates under the pseudonym “xenZen” and has been active within hacker communities.
“I am unveiling the sensitive data of all customers and insurance claims belonging to Star Health India. This disclosure has been supported by Star Health and Allied Insurance Company, who directly sold this data to me,” mentioned xenZen.
Despite Telegram’s attempts to eliminate these chatbots following notifications, new ones quickly surface, demonstrating the difficulties in overseeing such unauthorized operations on the platform.
As per Reuters, Star Health mentioned that an “unknown person reached out to them on August 13, claiming access to some of their data. The insurer notified the cybercrime unit in their base state of Tamil Nadu and also the national cyber security agency CERT-In.”
The organization asserts that an initial evaluation did not reveal any broad compromise and assures clients that the protection of their privacy remains a key concern.
Nevertheless, affected patrons have expressed apprehension about the incident.
Customers like Sandeep TS and Pankaj Subhash Malhotra corroborated the authenticity of leaked documents pertaining to their medical profiles but stated that Star Health had not informed them of any security breach, as reported by Reuters added.
This occurrence emerges amidst increased scrutiny of Telegram’s content supervision mechanisms. Pavel Durov, the founder of Telegram, was recently detained in France on suspicions linked to the platform’s involvement in criminal activities.
With fresh chatbots continually emerging to provide pilfered data, it’s evident that stricter measures are indispensable to safeguard sensitive customer details from exploitation by cybercriminals.
The article titled “Star Health Data Leak: 31 Million Customers’ Data Exposed via Telegram” was published on Cyber Security News.