Page Loader
Summarize
Star Health probes security chief's alleged involvement in data breach
Hacker claims Star Health's CISO sold data to him

Star Health probes security chief's alleged involvement in data breach

Oct 10, 2024
03:26 pm

What's the story

Star Health, India's top health insurance provider, is investigating allegations against its Chief Information Security Officer (CISO), Amarjeet Khanuja. The allegations claim that Khanuja may have been involved in a data breach carried out by a self-proclaimed hacker. The unidentified hacker allegedly used Telegram chatbots and websites to leak customers' medical and personal information.

Accusations

Hacker claims CISO sold data to him

The hacker, who goes by the name xenZen, publicly claimed on his website that Khanuja had "sold all this data to me." However, Star Health has claimed that their internal investigation into the matter has not yet found any evidence of Khanuja's wrongdoing. The company said in a statement on Wednesday, "Our CISO has been duly co-operating in the investigation and we have not arrived at any finding of wrongdoing by him till date."

Legal steps

Star Health takes legal action against Telegram and hacker

Following the data breach, Star Health has filed a lawsuit against both Telegram and the hacker. The move comes after Reuters reported on September 20 how the hacker used chatbots on Telegram to leak customer information. The hacker even created websites for easy access to this leaked data. Since the report, Star's shares have fallen 6% in value.

Cybersecurity measures

Star Health confirms cyberattack and data breach

Star Health has confirmed that it was targeted in a "malicious cyberattack," leading to unauthorized access to certain data. The company is now collaborating with independent cybersecurity experts to carry out a forensic investigation into the incident. Star maintains that there is "no widespread compromise" and assures customers that their sensitive data remains secure. However, according to a post on X by venture capitalist @Deedydas, a hacker is selling personal information of approximately 31 million Star Health customers for $150,000.