Sensitive Data of 31 Million Star Health Customers Leaked via Telegram Chatbots

Sensitive medical and personal information of over 31 million customers of Star Health, India’s largest health insurer, has been leaked and is accessible through Telegram chatbots. These chatbots, created by a hacker alias “xenZen,” allow users to access policy and claims documents containing names, phone numbers, medical diagnoses, and more. The data is allegedly sold in bulk, though samples can be obtained through the chatbots for free. Despite claims of ongoing efforts to protect user privacy, Star Health has yet to notify affected customers directly.

UK-based security researcher Jason Parker uncovered the breach, revealing that the chatbots have been active since at least August 6. Star Health reported the data breach to Indian authorities on August 14, after being contacted by the hacker. However, Reuters retrieved over 1,500 files, with some documents dated as recently as July 2024, through the bots before they were taken down by Telegram. Star Health maintains that “sensitive customer data remains secure,” but evidence suggests otherwise.

The leak highlights growing concerns over Telegram’s role in facilitating cybercrime. The platform, known for its anonymous features and customizable bots, is increasingly being used by hackers to sell stolen data. Despite Telegram’s proactive efforts to remove harmful content, the creation of new bots to distribute Star Health’s data continues, underscoring the challenge of data security in India’s rapidly digitizing healthcare sector.

Pic Courtesy: google/ images are subject to copyright