In a shocking development, a hacker known as “xenZen” has accused Star Health’s Chief Information Security Officer (CISO) of orchestrating a major data breach. The hacker alleges that the CISO, identified as Amarjeet Khanuja, sold customer data and later demanded more money to maintain access to the company’s servers. This breach has led to the personal data of over 3 crore Star Health customers being exposed, sparking concerns over data security and corporate responsibility.
Allegations of CISO Involvement
According to a post shared by “xenZen” on the social media platform X, Khanuja, the CISO of Star Health, initially sold the data but attempted to renegotiate the deal, seeking additional compensation for ongoing server access. The hacker has gone further by sharing alleged chat logs and emails with Khanuja, purportedly confirming the transactions. These claims have set off alarm bells across the cybersecurity community.
Star Health’s Response: Preliminary Investigation Clears CISO
In a statement to NDTV Profit, Star Health confirmed the hack but emphasized that an internal preliminary investigation has found no evidence of wrongdoing by its CISO. The company urged the public to avoid jumping to conclusions and warned against any attempt to disseminate the stolen data, reminding that such actions are illegal.
“We request that the privacy of our CISO be respected, as we believe the hacker is attempting to create panic,” the statement read. “Any unauthorized acquisition or dissemination of customer data is a violation of the law, and we are cooperating fully with authorities to address this breach.”
Data Leak and Its Aftermath
The hacker, “xenZen,” has allegedly listed the personal data of over 3 crore Star Health customers for sale online. The full dataset is reportedly available for $150,000 (INR 1.26 crore), while a smaller portion consisting of 1 lakh entries is priced at $10,000 (INR 8.4 lakh). The leaked data includes sensitive information such as customer names, addresses, phone numbers, PAN details, medical history, policy nominees, and even Aadhaar and PAN card photos.
The data breach, which has exposed over 7.24 terabytes of sensitive information, is considered one of the largest in India’s healthcare sector. Some of this data, including medical reports and claim details, has reportedly been shared on platforms like Telegram, making the situation even more concerning for affected customers.
Star Health’s Operations Unaffected
Despite the scale of the data breach, Star Health has reiterated that its day-to-day operations remain unaffected. The insurer assured customers that all services, including claims processing and policy renewals, are continuing without disruption.
The company also stated that it has initiated a thorough forensic investigation into the breach, working closely with independent cybersecurity experts and government regulatory bodies to uncover the full extent of the damage. “A rigorous forensic investigation is underway, and we are committed to ensuring that no stone is left unturned in resolving this matter,” Star Health said in its official communication.
Rising Cybersecurity Threats in India
The Star Health data breach is part of a larger trend of escalating cyberattacks in India. Just earlier this year, the cryptocurrency exchange WazirX suffered a major hack, leading to the loss of digital assets worth over $230 million. Similarly, IndusInd Bank saw INR 40 crore siphoned from its customers’ accounts in July, with authorities only able to recover INR 33 crore.
These incidents highlight the growing threat of cybercrime in the country, particularly in industries that handle vast amounts of sensitive data like healthcare and finance. To tackle this rising menace, the Indian government has taken several proactive steps. A central registry of cybercrime suspects has been established, and initiatives like the Cyber Fraud Mitigation Centre (CFMC) and the Samanvay platform have been launched to counter the growing wave of cyberattacks.
The Way Forward for Star Health
As the investigation into the data breach continues, all eyes are on Star Health and how it handles the fallout from this cybersecurity crisis. With personal data security becoming an increasingly important issue, companies like Star Health are under pressure to fortify their systems and ensure that such breaches do not happen again.
In the meantime, customers affected by the leak are urged to be vigilant. Identity theft and financial fraud are real possibilities in cases of large-scale data breaches like this one, and individuals should take steps to protect themselves by monitoring their financial accounts, updating passwords, and being cautious of unsolicited communications that may stem from their leaked personal information.
Final Thoughts
It is disturbing to learn that a senior executive is allegedly connected to one of the biggest data breaches in the Indian healthcare sector. Customers and stakeholders are nonetheless concerned about the hacker’s allegations, despite Star Health’s insistence that no proof of its CISO’s involvement has been discovered. The conclusion of the inquiry will not only affect Star Health’s standing but also establish a standard for how Indian businesses manage cybersecurity in the face of escalating dangers.
Read more: Marketing News, Advertising News, PR and Finance News, Digital News
