Star Health probes security chief's alleged involvement in data breach
What's the story
Star Health, India's top health insurance provider, is investigating allegations against its Chief Information Security Officer (CISO), Amarjeet Khanuja. The allegations claim that Khanuja may have been involved in a data breach carried out by a self-proclaimed hacker. The unidentified hacker allegedly used Telegram chatbots and websites to leak customers' medical and personal information.
Accusations
Hacker claims CISO sold data to him
The hacker, who goes by the name xenZen, publicly claimed on his website that Khanuja had "sold all this data to me." However, Star Health has claimed that their internal investigation into the matter has not yet found any evidence of Khanuja's wrongdoing. The company said in a statement on Wednesday, "Our CISO has been duly co-operating in the investigation and we have not arrived at any finding of wrongdoing by him till date."
Legal steps
Star Health takes legal action against Telegram and hacker
Following the data breach, Star Health has filed a lawsuit against both Telegram and the hacker. The move comes after Reuters reported on September 20 how the hacker used chatbots on Telegram to leak customer information. The hacker even created websites for easy access to this leaked data. Since the report, Star's shares have fallen 6% in value.
Cybersecurity measures
Star Health confirms cyberattack and data breach
Star Health has confirmed that it was targeted in a "malicious cyberattack," leading to unauthorized access to certain data. The company is now collaborating with independent cybersecurity experts to carry out a forensic investigation into the incident. Star maintains that there is "no widespread compromise" and assures customers that their sensitive data remains secure. However, according to a post on X by venture capitalist @Deedydas, a hacker is selling personal information of approximately 31 million Star Health customers for $150,000.