The leaked data includes details such as names, PAN numbers, mobile numbers, dates of birth, email IDs, and residential addresses, as well as certain policy-specific information such as health card details, policy numbers, pre-existing conditions and more. Per media reports, the hacker has created
The hacker also accused the company's
1. Khanuja reached out to the hacker on July 6th, 2024, via an encrypted chat app called Tox.
2. They settled on $28,000 for selling customer data, which would be paid via Monero, a cryptocurrency.
3. Khanuja sent the hacker all requisite details, such as login credentials and API endpoints, via Proton Mail, a secure, encrypted email service, and received payment from the hacker.
4. On July 20th, Khanuja pitched selling claims-related data as well. This deal was settled at $15,000.
5. The hacker's access was reportedly revoked 5 days later, when Khanuja demanded $1,50,000 for the 5TB accessed by the hacker, asking for a cut for senior management as well.
6. The hacker demanded a full refund. Months later, on September 25, they launched a website titled "starhealthleak", which offered both customer and claims-related data through 2 Telegram bots.
Das further mentions that CloudSEK, an AI-powered digital risk monitoring platform, had called this evidence fabricated. But upon closer investigation, it was found that CloudSEK was working on behalf of its client Star Health whilst taking down the hacker's website.
While acknowledging the breach, Star Health strongly denied any involvement in it, terming it a targeted malicious attack. "We want to categorically mention that our CISO has been duly co-operating in the investigation, and we have not arrived at any finding of wrongdoing by him to date. We request that his privacy be respected as we know that the threat actor is trying to create panic."
The insurer has also stated that an extensive forensic investigation is underway, in which it is working with independent cybersecurity experts, government and regulatory bodies to address the issue. Earlier, Star Health had filed lawsuits against Telegram, the messaging app, for facilitating the distribution of the data, and US software firm
While Cloudflare has denied the same, the Madras High Court had issued a temporary injunction demanding that Telegram block any chatbots distributing this leaked information. Per xenZen, this is not the first time they have bought and sold data from Indian companies. Previously, xenZen had claimed to have compromised Airtel's servers and took responsibility for its data breach. However, the data samples were later revealed to be part of an Indian telecom leak that happened in 2023.