Top Indian Insurer Star Health Hit by Data Breach, Data Leaked via Telegram Chatbots

Lore Apostol


  • Indian insurance company Star Health suffered a cyberattack in July, which reportedly resulted in the exfiltration of 31.2 million datasets.
  • A cybercriminal advertised the stolen data for sale on a popular hacker forum and offered free samples via Telegram.
  • The health insurance provider acknowledged the breach in August but said there was no widespread compromise.

India's largest health insurer, Star Health, suffered a data breach, and the stolen customer details are for sale via Telegram chatbots. Samples of private details belonging to millions of people can be viewed by asking the chatbots, according to a news report from Reuters.

India's biggest player among standalone health insurance providers said in a stock exchange filing released on August 14 that it was investigating an alleged breach of “a few claims data.”

UK-based security researcher Jason Parker said the Star Health chatbots have been operational since at least August 6. Parker said a user under the alias xenZen on an online hacker forum advertised 7.24 terabytes of data related to over 31 million Star Health customers for sale.

The hacker also mentioned creating the Telegram chatbots meant to offer free samples. Two now-disabled chatbots offered interested buyers free samples. One offered claim documents in PDF format, and the other provided up to 20 samples from 31.2 million datasets containing policy numbers, names, and even body mass indexes.

Tests conducted by Reuters revealed over 1,500 files downloadable via the chatbots, with some data as recent as July 2024. Notably, the bots featured a welcome message stating they were “by xenZen” and warning that if taken down, replacements would surface within hours.

The stolen information held by the hacker includes policy and claim documents that divulged IDs, names, phone numbers, addresses, tax details, test results, and medical diagnoses.

Among the documents disclosed to Reuters were records related to the treatment of the 1-year-old daughter of a policyholder at a hospital in Kerala, which included a diagnosis, blood test results, medical history, and a bill.

Another file showed a claim that included ultrasound imaging test results, details of illness, copies of federal tax accounts, and national ID cards. Affected individuals told Reuters they were not made aware of any security breach.

Following a report from Reuters, Telegram swiftly removed the malicious chatbots. A spokesperson stated that Telegram employs proactive monitoring, AI tools, and user reports to eliminate harmful content, but new bots have already emerged.

The use of chatbots on Telegram is facilitated by the app's user-friendly environment, which has contributed to its rapid growth. However, this same feature has enabled malicious actors to exploit the platform for illicit activities, such as data dissemination.

Star Health reported the unauthorized access to local authorities and is actively collaborating with law enforcement to address this criminal activity. The insurer emphasized its commitment to customer privacy and security. Despite these revelations, Star Health maintains that there is no widespread compromise and asserts that sensitive data remains protected.

The hacker also advertised data from other breaches for sale on the popular cybercriminal forum, including data from 375 million Airtel customers, data on over 10,800 employees of Dell and its partners, and data from India’s Ministry of External Affairs.

Pavel Durov, CEO of Telegram, addressed the charges brought against him for alleged criminal activities facilitated through the messaging platform after his recent arrest in France, saying that holding a CEO accountable for third-party actions on a digital platform is a “misguided approach.”

Written by David Minister

Written by ODD Balls
