Star Health has acknowledged that the data of 31 million of its customers may have been compromised

Star Health acknowledges data breach affecting 31 million customers, report says data was sold deliberately

Star Health says it is investigating a possible data breach that may have led to data of 31 million customers being compromised.

by · India Today

In Short

  • Star Health Insurance, one of India's leading health insurers, allegedly faces massive data breach
  • Insurer confirms data breach that may have affected 31 million customers
  • Personal data of Star Health customers reportedly being sold online

Star Health Insurance, one of India's leading health insurers, is allegedly facing a massive data breach. Sensitive personal and insurance details of millions of customers have reportedly been compromised, and the stolen data is reportedly on sale online. A threat actor who reportedly goes by xenZen claims to have accessed 7.24TB of data related to over 31 million customers, and has allegedly listed the data for sale for $150,000. Additionally, smaller data sets containing 100,000 customer records each are offered for $10,000 apiece. This breach has sparked significant concerns over data protection and security in the country.

The hacker claims that the stolen data from Star Health includes highly sensitive information such as customers' names, PAN numbers, mobile numbers, email addresses, birthdates, residential addresses, policy numbers, details of pre-existing conditions, health card numbers, and other confidential medical records.

In a bold accusation, the hacker also alleged that Star Health Chief Information Security Officer (CISO) Amarjeet Khanuja "sponsored" the data leak by purportedly selling the information directly to them. According to reports, Khanuja sold the sensitive information of around 31 million Indian customers, including salary and PAN card details, to xenZen for $43,000.

Deedy Das, who raised the alarm about the breach, shared a breakdown of the events in the Star Health data hack case. According to Deedy Das' tweet:

1. On July 6, 2024, Khanuja contacted xenZen through an encrypted chat app called Tox, after being referred by a middleman named denol.
2. They agreed on $28,000 in Monero (a cryptocurrency) for customer data.
3. Khanuja provided login credentials and API details via ProtonMail; the hacker paid and received the data.
4. On July 20, Khanuja offered more claims data for an additional $15,000, and they repeated the process.
5. Five days later, the hacker’s access was revoked. Khanuja then demanded $150,000, claiming senior management wanted a cut.
6. When the hacker refused, he listed the data for sale online.
7. By September 25, a website called *starhealthleak* was launched, offering customer and claims data through Telegram bots.

Meanwhile, Star Health has strongly refuted these claims, denying any involvement in the breach or the sale of customer data. The company describes it as a "targeted malicious attack". “We wish to clarify that our operations are fully functional, and services to customers remain unaffected. A thorough investigation is being led by our cybersecurity team, and we continue to work in conjunction with authorities to ensure that customer data remains protected,” Star Health said in a statement.

Star Health has confirmed that it has launched an extensive forensic investigation, enlisting independent cybersecurity specialists to aid in the process. Star Health is also working closely with government and regulatory agencies, including insurance and cybersecurity authorities, to address the situation. The insurer has also filed both a criminal complaint and a lawsuit against the hacker and the messaging platform Telegram, where portions of the stolen data were allegedly first shared.

A data leak like the one reported with Star Health Insurance can have serious and long-lasting consequences for those affected. Stolen personal and financial information can lead to identity theft, where bad actors misuse details such as PAN numbers or mobile numbers to open fraudulent accounts. Financial fraud and targeted scams are also a significant risk, with scammers exploiting the data to deceive victims. Additionally, compromised details can facilitate phishing attacks or even account takeovers, where hackers gain access to sensitive online accounts. In more severe cases, extortion attempts may follow, using leaked health information as leverage.