Star Health, India’s largest health insurer, reported on Saturday that it received a ransom demand of $68,000 from a cyberhacker following a significant data breach involving sensitive customer information. The breach, which included personal data such as tax details and medical records, has led to ongoing reputational and business challenges for the company.
The ransom demand, revealed for the first time, was sent in August through an email addressed to the company’s managing director and chief executive. This disclosure follows reports on September 20 that exposed the hacker’s use of Telegram chatbots and a website to leak customer information. Star Health, which has a market capitalization of around $4 billion, has seen its shares drop 11% as it struggles to manage the fallout.
In response to the breach, Star Health has launched internal investigations and initiated legal action against both the hacker and Telegram. Despite these efforts, the hacker—known as xenZen—continues to share samples of the stolen data online. Star Health stated that Telegram has not provided account details or permanently banned the accounts linked to xenZen, despite multiple notices from the company.
The health insurer also responded to inquiries from Indian stock exchanges regarding allegations that its Chief Security Officer, Amarjeet Khanuja, might have been involved in the data leak. Star Health reiterated that it has found no evidence of misconduct by Khanuja, though its internal investigation is still ongoing.
Star Health has sought help from Indian cybersecurity authorities to identify the hacker and address the situation. Meanwhile, Telegram has not commented on the issue, though the Dubai-based messaging app previously removed the chatbots when Reuters flagged them.
Featured Image courtesy of Rappler
Follow us for more updates on Star Health.