Personal information of around 3.1 crore Star Health Insurance customers, including mobile numbers and medical conditions, is reportedly available on a website by a hacker named xenZen. The hacker accused Star Health's Chief Information Security Officer (CISO) of selling the data and later altering their agreement terms.

The hacker, xenZen, claimed, "I am leaking all Star Health India customers and insurance claims sensitive data. This leak is sponsored by Star Health and Allied Insurance Company, who sold this data to me directly." This statement was made public alongside a website displaying sample data and email exchanges with a senior company official.

Data Breach Allegations

Jason Parker, a UK-based researcher, shared details on September 20 about the breach. The hacker's website includes email communications with a top official responsible for managing the company's digital network. A video shows an email conversation between xenZen and the official, revealing discussions about the data sale.

The hacker alleged that the deal was initially set at USD 28,000. However, the official later demanded USD 150,000, citing a need to share proceeds with senior management to continue the data leak.

Company's Response

Star Health Insurance stated that an independent forensic investigation is underway. They are collaborating with government and regulatory bodies throughout this process. The company emphasized that any unauthorized handling of customer data is illegal and urged platforms to comply with High Court orders to stop such activities.

The Madras High Court has been approached by Star Health Insurance. The court directed all parties to disable access to the leaked information and scheduled further hearings for October 25. The company assured that their CISO is cooperating fully in the investigation.

Legal Actions and Concerns

The Madras High Court noted the importance of preventing further leaks of sensitive data. They stressed the need for protection against continuous breaches. Meanwhile, xenZen has created Telegram bots to access data of over 31 million customers updated till July 2024 and more than 5 million claims available till early August.

Star Health Insurance reiterated their commitment to implementing the court's order diligently. They highlighted that no wrongdoing by their CISO has been found so far in the ongoing investigation.

The exposure of personal details poses significant risks for individuals, making them susceptible to online scams. As investigations continue, authorities are working to address these vulnerabilities and ensure customer data security.