Key Takeaways
India’s largest health insurer, Star Health and Allied Insurance, has been affected by a major data leak that is reportedly affecting millions of customers.
Details about the stolen data were posted on Breach Forums by a user with the handle XenZen, who has made the information available on Telegram.
Following the leak, Telegram bots were created to automate the distribution of the stolen data. The bots automatically provide data samples for free while large datasets can be purchased, Reuters reported on Sept. 20.
The breach exposed customers’ personal details, including policy numbers and contact information.
According to the post on Breach Forums, the hacked data consists of 66.24 TB of files relating to more than 5 million insurance claims.
Over 31 million Star Health customers are affected, with the latest information dated July 2024.
In a statement to Reuters, the company said it had reported the alleged unauthorized data access to local authorities. However, it claimed an initial assessment showed “no widespread compromise” and that “sensitive customer data remains secure.”
The latest data breach isn’t the first one attributed to the pseudonymous hacker XenZen.
According to local media , the same actor previously claimed to have access to a database containing information about Airtel India customers.
They also appear to be behind data theft from the Indian government’s online migration portal, eMigrate. The compromised data allegedly contained 200,000 internal and registered user entries in this data theft case.