PE-backed Star Health probes alleged role of top exec in data leakage
Advertisement

PE-backed Star Health probes alleged role of top exec in data leakage

By Reuters

  • 10 Oct 2024
PE-backed Star Health probes alleged role of top exec in data leakage
Illustration of a Telegram chatbot created by a hacker | Credit: Reuters

India's Star Health is investigating accusations that its chief information security officer played a role in a data leak by a self-styled hacker who used Telegram chatbots and websites to disseminate customers' medical records and personal data.

The country's biggest health insurer, Star told Reuters that the official, Amarjeet Khanuja, was co-operating in its investigation into the leak, which has so far turned up no evidence of wrongdoing by him.

The investigation comes after the hacker, an individual dubbed xenZen, publicly asserted on his website that the executive had "sold all this data to me".

Advertisement

Khanuja, the firm's chief information security officer (CISO), did not respond to a request for comment.

"Our CISO has been duly co-operating in the investigation and we have not arrived at any finding of wrongdoing by him till date," Star said in Wednesday's statement.

Last month Star Health sued Telegram and the hacker after Reuters reported on Sept. 20 that the hacker used chatbots on the messaging app to leak customer details, before setting up websites providing easy access to the data.

Advertisement

Star was trading down 2% on Thursday, and has lost about 6% since the Reuters report.

"We were the victim of a targeted, malicious cyberattack, resulting in unauthorized and illegal access to certain data," Star said.

Independent cybersecurity experts were leading its forensic investigation, Star added in the statement, and it was also working closely with authorities, to whom it had reported the incident.

Advertisement

Earlier, Star said its initial assessment showed "no widespread compromise", adding, "sensitive customer data remains secure."

A court in Star's southern home state of Tamil Nadu has granted it a temporary injunction ordering Telegram and the hacker to block any chatbots or websites in India that make the data available online.

Telegram has not commented on the lawsuit, while the hacker has vowed to join the hearings online if permitted to do so.

Advertisement

Star's legal challenge to Telegram comes amid growing scrutiny of the platform globally and the recent arrest of its founder Pavel Durov in France, with the app's content moderation and features allegedly abused for illegal activities.

Durov and Telegram denied wrongdoing and are addressing the criticism.

Telegram has previously said it removed the chatbots when Reuters flagged them to the messaging platform's team.

Advertisement

On Thursday, an online website made by the hacker was still allowing people to merely click on a start button to receive samples of the Star Health policy-related data, including claim documents and medical records of patients.

Star did not comment on the website.

"We urge all platforms, hosting companies, social media channels and users to take swift and decisive action to halt such activities," it said.

The Telegram feature allowing users to create chatbots is widely credited with helping the Dubai-based messaging app become one of the world's biggest, with 900 million active user a month.

The hacker's website offered claim document samples in PDF format, while users can also request up to 20 samples from 31.2 million datasets comprising details such as names, policy numbers and even body mass index (BMI).

Share article on

Advertisement
Advertisement
Google News Icon

Google News

Follow VCCircle on Google News for the latest updates on Business and Startup News