New Delhi, October 9 (IANS). After the report of customer data of ‘Star Health’, one of the country’s largest health insurance companies, being available on Telegram, now a hacker has uploaded the entire 7.24 TB data related to more than 3.1 crore customers of the company on a website. Has been put up for open sale for $1,50,000.
The company said on Wednesday that a thorough forensic investigation into the “targeted malicious cyber attack” is underway.
The hacker has also offered a “partial sale of a million entries for $10,000.” It claimed that the data available for sale includes insurance claims of 57,58,425 customers of Star Health (till the beginning of August 2024) as well as reported insurance claim data of 3,12,16,953 customers (till July).
The hacker, identifying himself as “Jenzhen” and whose whereabouts are unknown, wrote on the website that “I am leaking sensitive data of all customers and insurance claims of ‘Star Health India’.”
The hacker claimed that “This leak is sponsored by Star Health and Allied Insurance Company, who sold this data to me directly. You can check the authenticity of the data in the Telegram bots below and read how they sold it “
The leaked data reportedly includes full name, PAN number, mobile number, email, date of birth, residential address, date of birth of the insured person, name of the insured person, gender, pre-existing diseases, policy number, health card, nominee name, Includes name, age, claims, relation of the nominee, height of the insured, weight, BMI and more.
The hacker is selling alleged data through two separate and active chatbots on the website. Anyone can view the said data after pressing the start button on the bot.
In a statement to IANS, Star Health Insurance said it has been the victim of a malicious targeted cyber attack, resulting in unauthorized and illegal access to certain data.
The insurer said that “We make it absolutely clear that our operations are unaffected, and all services are continuing without any disruption. A thorough and rigorous forensic investigation is underway, led by independent cyber security experts, and we will follow every step of this investigation.” “Steps include working closely with government and regulatory authorities, including duly reporting the incident to insurance and cyber security regulatory authorities and filing a criminal complaint.”
–IANS
SCH/AKJ
