Star Health data leak: What recourse do policyholders have?
Just as Star Health policyholders were grappling with the company's growing reputation for rejecting genuine claims, a new issue has surfaced, adding to their frustration.
The company suffered a severe hacking episode last month in which a hacker using the alias “xenZen" created a website and Telegram chatbots to leak its policyholders' sensitive personal data from names, phone numbers, email IDs, addresses to financial and health information.
The hacker said Star Health's chief information security officer Amarjeet Khanuja sold the data to him and he made it public only when Khanuja reportedly sought more money than previously decided.
Star Health said Khanuja has been co-operating in the investigation and no wrongdoing by him had been found so far.
About 7.24 terabytes of data affecting 31 million customers has been compromised.
«A thorough and rigorous forensic investigation, led by independent cybersecurity experts is underway, and we are working closely with government and regulatory authorities at every stage of this investigation, including by duly reporting the incident to the insurance and cybersecurity regulatory authorities apart from filing a criminal complaint,» Star Health said in a media statement.
Also Read: Star Health data breach: Scope for mammoth scams amid few legal remedies?
CloudSEK, a Bengaluru-based data security firm, said the involvement of the CISO and other executives seems fabricated. According to CloudSEK, the threat actor shared two simultaneous chats—on the left, a TOX messaging platform known for anonymity, and on the right, emails allegedly from official Star Health accounts.
However, CloudSEK pointed out that this could easily be faked using a simple 'inspect element' trick to alter
Read more on livemint.com
