TNI Bureau: A major data breach has exposed the personal information of over 31 million customers of Star Health and Allied Insurance. Deedy Das, a venture capitalist at Menlo Ventures and former Google employee, posted an alert on X (formerly Twitter) regarding the leak, where sensitive customer data is now being sold online for $150,000 (approximately ₹1.26 crore).
The hacker, known as “xenZen,” claims to have obtained 7.24 TB of data from Star Health Insurance, including full names, PAN numbers, phone numbers, emails, addresses, policy details, pre-existing health conditions, and other sensitive information. The hacker alleges that Star Health’s Chief Information Security Officer (CISO), Amarjeet Khanuja, sold the data directly.
Also Read: Congress loses 4 Seats in Haryana for snubbing AAP
“I am leaking all Star Health India customers and insurance claims sensitive data. This leak is sponsored by Star Health and Allied Insurance Company, who sold this data to me directly. You can check the authenticity of the data in the Telegram bots below and read about how they sold it in the section below,” mentioned the Hacker in the website that is live with the purported data.
Also Read: How Congress Rebels sink Party’s Boat in Haryana
The stolen data includes insurance claim records for 57.5 lakh customers and detailed personal information of 31.2 million customers up until August 2024. The hacker is selling this data on a dedicated website, “Star Health Leaks,” where smaller parts of the dataset can be purchased for $10,000 for every 100,000 entries.
The hacker further claims that the data’s authenticity can be verified through Telegram bots, which are accessible via the leak’s website. Star Health has since filed a lawsuit against Telegram and the hacker, characterising the breach as an illegal act of hacking. Despite the company’s statement that no widespread data compromise occurred, the leaked data’s scope suggests a significant cybersecurity failure.
This breach is considered one of the largest in India, heightening concerns over identity theft and the vulnerability of personal data.
BREAKING: One of India’s most massive hacks is happening right now!
~31M rows of Star Health Insurance data — name, DOB, address, phone, PAN card and salary for Indians is selling it for $150k.
Hacker claims CISO Amarjeet Khurana sold him the data.
Nothing is private in India. pic.twitter.com/ozKSUwy6ke
— Deedy (@deedydas) October 9, 2024
You can buy and see a sample of the data here: https://t.co/IyKRjfiAiI pic.twitter.com/uNEBDetevj
— Deedy (@deedydas) October 9, 2024
Just to remind anyone wondering what the consequence of a data leak like this is:
— Identity theft
— Financial fraud
— Targeted scams
— Hacking other accounts
— Phishing attempts
— Account takeovers
— ExtortionIt’s really a long list..
— Deedy (@deedydas) October 9, 2024