Alleged Data Breach: Claims Against Star Health Insurance CISO for Selling Data

Accusations have been made by hackers that Amarjeet Khanuja, the Chief Information Security Officer (CISO) of Star Health Insurance, has purportedly traded confidential information of more than 31 million clients.

The purloined data, which comprises names, birthdates, locations, contact numbers, PAN card particulars, and income details, is allegedly being peddled for $150,000.

The breach at Star Health, deemed as one of India’s most extensive, has instigated substantial fretfulness concerning the privacy and safety of customer data.

The individual behind the security breach allegedly disseminated privileged information leveraging Telegram chatbots. This included facilitating access to policy particulars, insurance claim specifics, and even medical diagnoses.

Based on Das’ report, the perpetrator known as xenZen purportedly obtained the data directly from Khanuja and has established a site to vend the data.

The leakage website is offering the complete dataset for $150,000 and smaller sets of 100,000 records for $10,000 each.

Additionally, the hacker has showcased more than 500 random data excerpts on the website, encompassing details about Indian government officials, to substantiate the legitimacy of the data.

The accusations against Khanuja rely on email captures and a recording portraying discussions between the hacker and the CISO. The emails purportedly depict Khanuja authorizing illicit API entry to the customer data and requesting $150,000 in return for the data.

Had one task, (a) avoid leaving a trace, and (b) refrain from deceiving your partners. Shouldn’t have been too challenging to avoid. Must be functioning devoid of any apprehension of repercussions to exhibit such recklessness. Prospect for a Darwin award. Video illustrating interactions with a team member here: https://t.co/lGgiR6BkOH

— Leading Nowhere (@leading_nowhere) October 9, 2024

Star Health Insurance has admitted the breach but minimized its seriousness, asserting that there was “no widespread breach” and ensuring clients of the security of their data. Nevertheless, the company had previously filed legal actions against Telegram and an unidentified hacker for leaking client data.

The breach poses significant ramifications for the impacted individuals, making them susceptible to identity theft, financial exploitation, targeted deceptions, intrusion into other online profiles, phishing assaults, account infiltrations, and coercion.

With the investigation in progress, customers are advised to exercise added prudence when encountering emails, calls, and messages associated with Star Health in the upcoming months.

The article titled Hackers Allegedly Claim Star Health Insurance CISO Sold the Data originally appeared on Cyber Security News.