Hacker Leaks 31 Million Star Health Insurance Customers’ Data for $150,000

TNI Bureau: A major data breach has exposed the personal information of over 31 million customers of Star Health and Allied Insurance. Deedy Das, a venture capitalist at Menlo Ventures and former Google employee, posted an alert on X (formerly Twitter) regarding the leak, where sensitive customer data is now being sold online for $150,000 (approximately ₹1.26 crore).

The hacker, known as “xenZen,” claims to have obtained 7.24 TB of data from Star Health Insurance, including full names, PAN numbers, phone numbers, emails, addresses, policy details, pre-existing health conditions, and other sensitive information. The hacker alleges that Star Health’s Chief Information Security Officer (CISO), Amarjeet Khanuja, sold the data directly.

Also Read: Congress loses 4 Seats in Haryana for snubbing AAP

“I am leaking all Star Health India customers and insurance claims sensitive data. This leak is sponsored by Star Health and Allied Insurance Company, who sold this data to me directly. You can check the authenticity of the data in the Telegram bots below and read about how they sold it in the section below,” mentioned the Hacker in the website that is live with the purported data.

Also Read: How Congress Rebels sink Party’s Boat in Haryana

The stolen data includes insurance claim records for 57.5 lakh customers and detailed personal information of 31.2 million customers up until August 2024. The hacker is selling this data on a dedicated website, “Star Health Leaks,” where smaller parts of the dataset can be purchased for $10,000 for every 100,000 entries.

Support Independent Journalism? Keep us live.

The hacker further claims that the data’s authenticity can be verified through Telegram bots, which are accessible via the leak’s website. Star Health has since filed a lawsuit against Telegram and the hacker, characterising the breach as an illegal act of hacking. Despite the company’s statement that no widespread data compromise occurred, the leaked data’s scope suggests a significant cybersecurity failure.

This breach is considered one of the largest in India, heightening concerns over identity theft and the vulnerability of personal data.

 

Comments are closed.