Thursday , November 21 2024

India’s Star Health receives $68k ransom demand after data leak

14-10-2024

NEW DELHI: Star Health, India’s biggest health insurer, on Saturday said it had received a ransom demand of $68,000 from a cyberhacker in connection with a leak of customer data and medical records.

Star, which has a roughly $4 billion market cap, is battling a reputational and business crisis since Reuters reported on Sept. 20 that a hacker had used Telegram chatbots and a website to leak customers’ sensitive data, including tax details and medical claim papers.

The company, whose shares have declined 11%, has launched internal investigations and has taken legal action against Telegram and the hacker, whose website continues to share samples of Star customers’ data.

Star, which has previously said it is a “victim of a targeted malicious cyberattack”, on Saturday revealed for the first time that in August “the threat actor demanded a ransom of $68,000 in an email” addressed to the company’s managing director and its chief executive.

The statement came after Indian stocks exchanges sought clarifications from Star on a Friday over a Reuters report that the company was investigating allegations that its chief security officer was involved in the data leak.

Star reiterated on Saturday it has found no wrongdoing by the official, Amarjeet Khanuja, though the internal investigation is ongoing.

Telegram has declined to share the account details or permanently ban accounts linked to the hacker, an individual dubbed xenZen “despite multiple notices issued in this regard,” Star said on Saturday.

Star said it has “sought the assistance” of Indian cyber security authorities to “help us identify” the hacker.

The Dubai-based messenger app has previously said it removed the chatbots when media flagged them to the platform.

Last month, stolen customer data including medical reports from India’s biggest health insurer, Star Health, is publicly accessible via chatbots on Telegram, just weeks after Telegram’s founder was accused of allowing the messenger app to facilitate crime.

The purported creator of the chatbots told a security researcher, who alerted Reuters to the issue, that private details of millions of people were for sale and that samples could be viewed by asking the chatbots to divulge.

Star Health and Allied Insurance, opens new tab, whose market capitalization exceeds $4 billion, in a statement to Reuters said it has reported alleged unauthorized data access to local authorities. It said an initial assessment showed “no widespread compromise” and that “sensitive customer data remains secure”.

Using the chatbots, media was able to download policy and claims documents featuring names, phone numbers, addresses, tax details, copies of ID cards, test results and medical diagnoses.

The ability for users to create chatbots is widely credited with helping Dubai-based Telegram become one of the world’s biggest messenger apps with 900 million active monthly users.

However, the arrest of Russian-born founder Pavel Durov in France last month has increased scrutiny of Telegram’s content moderation and features open to abuse for criminal ends. Durov and Telegram denied wrongdoing and are addressing the criticism. The use of Telegram chatbots to sell stolen data demonstrates the difficulty the app has in preventing nefarious agents taking advantage of its technology and highlights the challenges Indian companies face in keeping their data safe. (Int’l Monitoring Desk)

Check Also

British farmers protest against ‘tractor tax’ on inheritance

21-11-2024 LONDON: British farmers have descended on London to call on the government to scrap …