Star Health data for sale on Telegram: How will it impact policyholders?

A hacker named xenZen is reportedly behind the leak. Interestingly, this comes two months after a hacker with the same name claimed to have accessed Airtel India's customer database

Star Health and Allied Insurance has seen a major data leak, as sensitive information of 31 million customers is publicly accessible through chatbots on Telegram.

These documents include policy details, claims information, and even medical diagnoses. Reuters tested the system and successfully downloaded over 1,500 files containing names, phone numbers, addresses, tax details, copies of ID cards, test results, and medical diagnoses of customers. Some of these documents were as recent as July 2024.

The breach has raised alarm bells across the industry, highlighting the critical vulnerabilities in the insurer's cybersecurity systems.
 

How will it impact consumers?

 

“The scale of this breach is alarming, calling for swift risk assessment and implementation of mitigation steps. The bulk of compromised data is sensitive in nature, and this amplifies the policyholders’ exposure to a variety of cybercrimes such as identity theft, phishing attacks, and financial fraud. While Star Health reaches out the policyholders with remediation steps, affected policyholders should act immediately. They should trace their digital footprint rather meticulously to enhance privacy and security settings and block anything that is remotely suspicious or “too good to be true”, immediately add two-step authentication to their emails, and change passwords on their digital accounts, particularly financial ones,” said Arya Tripathy, Partner, Cyril Amarchand Mangaldas.

 

“The immediate action would thus need to be at the end of the customer to secure their data by looking out for any unauthorised activity and if so, immediate steps be taken to secure their data such as reporting their specific cases to the local authorities including the Cyber Cell. Changing passwords and contacting their respective bank’s informing them about any potential misuse basis the breach should not be overlooked,” said Shiv Sapra, Partner, Kochhar & Co.

 

“More vendors should consider including a two-step verification process to avoid such breaches. While no system is foolproof, the risk can certainly be mitigated and contained,” he said.

 

The Insurance Regulatory and Development Authority of India is certainly expected to investigate the matter. While certainly possible that the breach occurred despite due care taken by the vendor, only a detailed investigation would reveal the reality.