Star Health Data Breach Exposes 31 Million Customers’ Private Information on Telegram
In a major cybersecurity breach, over 31 million customers of one of India’s largest health insurers, Star Health, have had their private data, including sensitive medical records, exposed. According to a news agency’s report, the stolen data has been made publicly accessible through chatbots on the messaging app Telegram.
A user, operating under the alias “xenZen,” created chatbots that allow users to download various customer documents, such as policy details, claims information, and medical diagnoses.
The news agency reported that it successfully accessed over 1,500 files containing personal details like names, phone numbers, addresses, ID copies, and medical reports. Some documents are as recent as July 2024.
UK-based security researcher Jason Parker, who posed as a potential buyer on an online hacker forum, revealed that “xenZen” claimed to possess 7.24 terabytes of data. The hacker also warned that if the chatbots were removed, new ones would be made available within hours.
Although Telegram removed the original chatbots after being notified by Reuters, new versions have reportedly surfaced, offering Star Health data. The chatbots were marked with warnings that they had been flagged by users.
Star Health acknowledged the breach but insisted there was “no widespread compromise” of customer data. The company is cooperating with law enforcement and stated that protecting customer privacy is its top priority.