Star Health, one of India’s largest health insurance providers, is currently examining allegations regarding its chief information security officer’s involvement in a data breach perpetrated by a hacker who has utilized Telegram chatbots and websites to share sensitive customer information.
Amarjeet Khanuja, the company’s chief information security officer (CISO), is reportedly cooperating with the investigation, which has not yet uncovered any evidence suggesting his wrongdoing, according to Star Health’s statement to Reuters.
The inquiry was initiated after a hacker known online as xenZen claimed on his website that Khanuja had “sold all this data to me.”
Attempts to reach Khanuja for comments were unsuccessful.
Star Health stated that “Our CISO has been duly co-operating in the investigation and we have not arrived at any finding of wrongdoing by him till date,” in a statement released on Wednesday.
Last month, following a report from Reuters on September 20, Star Health filed a lawsuit against both Telegram and the hacker. The report revealed that the hacker had used chatbots on the messaging platform to leak customer information and subsequently created websites that made this data easily accessible.
On Thursday, Star Health’s stocks saw a decrease of 2%, marking a decline of approximately 6% since the initial report.
Star Health described the situation as a targeted and malicious cyberattack leading to unauthorized access to specific data. The company has engaged independent cybersecurity experts to conduct a forensic investigation and is collaborating closely with authorities to address the incident.
An earlier assessment by Star indicated that there was “no widespread compromise,” assuring that “Sensitive customer data remains secure.”
A court in Tamil Nadu, Star’s home state, has issued a temporary injunction directing Telegram and the hacker to halt any websites or chatbots in India that make the compromised data available.
Telegram has yet to respond to the lawsuit, while the hacker plans to participate in the legal hearings online if given the opportunity.
Star’s lawsuit against Telegram emerges amid increasing global scrutiny of the messaging platform, especially after its founder Pavel Durov was recently arrested in France. There are ongoing concerns regarding Telegram’s content moderation practices and how its features may be exploited for illicit activities.
Both Durov and Telegram have denied any wrongdoing and are actively addressing these criticisms.
Telegram previously stated that it had removed the chatbots when alerted by Reuters regarding their existence.
Despite these measures, a website operated by the hacker continued to function on Thursday, enabling users to click a start button to obtain sample data related to Star Health’s policies, which included claim documents and medical records.
Star Health did not provide any comments regarding this website.
In its statement, the company urged “all platforms, hosting companies, social media channels and users to take swift and decisive action to halt such activities.”
The Telegram feature that allows users to create chatbots has contributed significantly to the platform’s growth, boasting 900 million active users per month globally.
The hacker’s website provided claim document samples in PDF format, with users able to request access to samples from a dataset of 31.2 million records, which included information such as names, policy numbers, and body mass index (BMI).
© Thomson Reuters 2024
(This story has not been edited by NDTV staff and is auto-generated from a syndicated feed.)
