Star Health Probes Alleged Role of Security Chief in Data Leak

Star Health also said that independent cybersecurity experts were leading its forensic investigation and it was working closely with authorities.

Star Health Probes Alleged Role of Security Chief in Data Leak

Photo Credit: Reuters

Star Health reportedly acknowledged the data breach earlier this month

Highlights
  • Star Health is probing the alleged role of its CISO in the data breach
  • The insurer sued Telegram after its chatbots were used to leak user data
  • Star Health says it is probing the breach with authorities, experts
Advertisement

India's Star Health is investigating accusations that its chief information security officer played a role in a data leak by a self-styled hacker who used Telegram chatbots and websites to disseminate customers' medical records and personal data.

The country's biggest health insurer, Star told Reuters that the official, Amarjeet Khanuja, was co-operating in its investigation into the leak, which has so far turned up no evidence of wrongdoing by him.

The investigation comes after the hacker, an individual dubbed xenZen, publicly asserted on his website that the executive had "sold all this data to me".

Khanuja, the firm's chief information security officer (CISO), did not respond to a request for comment.

"Our CISO has been duly co-operating in the investigation and we have not arrived at any finding of wrongdoing by him till date," Star said in Wednesday's statement.

Last month Star Health sued Telegram and the hacker after Reuters reported on Sept. 20 that the hacker used chatbots on the messaging app to leak customer details, before setting up websites providing easy access to the data.

Star was trading down 2% on Thursday, and has lost about 6% since the Reuters report.

"We were the victim of a targeted, malicious cyberattack, resulting in unauthorized and illegal access to certain data," Star said.

Independent cybersecurity experts were leading its forensic investigation, Star added in the statement, and it was also working closely with authorities, to whom it had reported the incident.

Earlier, Star said its initial assessment showed "no widespread compromise", adding, "Sensitive customer data remains secure."

A court in Star's southern home state of Tamil Nadu has granted it a temporary injunction ordering Telegram and the hacker to block any chatbots or websites in India that make the data available online.

Telegram has not commented on the lawsuit, while the hacker has vowed to join the hearings online if permitted to do so.

Star's legal challenge to Telegram comes amid growing scrutiny of the platform globally and the recent arrest of its founder Pavel Durov in France, with the app's content moderation and features allegedly abused for illegal activities.

Durov and Telegram denied wrongdoing and are addressing the criticism.

Telegram has previously said it removed the chatbots when Reuters flagged them to the messaging platform's team.

On Thursday, an online website made by the hacker was still allowing people to merely click on a start button to receive samples of the Star Health policy-related data, including claim documents and medical records of patients.

Star did not comment on the website.

"We urge all platforms, hosting companies, social media channels and users to take swift and decisive action to halt such activities," it said.

The Telegram feature allowing users to create chatbots is widely credited with helping the Dubai-based messaging app become one of the world's biggest, with 900 million active user a month.

The hacker's website offered claim document samples in PDF format, while users can also request up to 20 samples from 31.2 million datasets comprising details such as names, policy numbers and even body mass index (BMI).

© Thomson Reuters 2024

(This story has not been edited by NDTV staff and is auto-generated from a syndicated feed.)

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Apple Watch Series 10 Review: Classic Reimagined
Facebook Gadgets360 Twitter Share Tweet Snapchat LinkedIn Reddit Comment google-newsGoogle News

Advertisement

Follow Us
© Copyright Red Pixels Ventures Limited 2024. All rights reserved.
Trending Products »
Latest Tech News »