Star Health takes Telegram and hacker to court over massive data leak
Star Health takes Telegram and hacker to court over massive data leak | Insurance Business Asia
Cyber
Star Health takes Telegram and hacker to court over massive data leak
Sensitive customer data affected
Cyber
By
Roxanne Libatique
India’s Star Health and Allied Insurance Co (Star Health) has filed a lawsuit against messaging app Telegram and an alleged hacker after discovering customer data leaks, including sensitive medical records, through chatbots on the platform.
The case highlights growing concerns over cybersecurity threats in the insurance and financial sectors across the Asia-Pacific (APAC) region, where such incidents are becoming more frequent.
Star Health sues Telegram
According to a Reuters report, the Madras High Court in Tamil Nadu granted a temporary injunction to Star Health, ordering Telegram and the hacker to block access to the compromised data being disseminated via chatbots and through websites reportedly hosted by US-based Cloudflare Inc.
The lawsuit, revealed publicly through an advertisement in The Hindu newspaper, requests an injunction prohibiting the use of Star Health’s trade name and data by Telegram and other online entities.
Notices have been issued to both Telegram and Cloudflare, and a follow-up hearing is scheduled for Oct. 25. No official statements have been made by any of the parties involved.
Star Health data breach
The data leak was first detected in mid-September when chatbots on Telegram were found sharing Star Health policy and claims data, including personal information. One chatbot distributed claim documents, while another allowed users to access up to 20 datasets per query, containing policy numbers, names, and medical records.
According to Reuters, over 1,500 files with policyholder information were downloaded, some dated as recently as July 2024. Although Telegram removed the offending chatbots within 24 hours of being informed, new bots reportedly surfaced afterward.
Star Health sues hacker
In addition to suing Telegram and Cloudflare, Star Health also filed a lawsuit against the hacker, known as “xenZen.”
The hacker communicated with Reuters, stating they were willing to participate in the legal proceedings online.
Despite the breach, Star Health emphasised that no widespread compromise of its systems has been found, and investigations are ongoing.
Rising cyberattacks in APAC region
This incident reflects a broader rise in cyberattacks across the APAC region, where financial institutions, including insurers, are increasingly targeted.
Akamai’s report also pointed to an increase in DDoS attacks on financial institutions, driven by geopolitical tensions. The report highlighted that, in 2022, 34% of all global DDoS attacks were aimed at financial services, followed by 18% targeting the gaming industry and 15% aimed at the technology sector.
Cyberattacks continue to be a pressing issue for financial services in the APAC region, exposing insurers to reputational risks, regulatory scrutiny, and operational disruptions.
Insurers and asset managers focus on cybersecurity
Many firms are responding by increasing their investments in cybersecurity.
The report also noted that firms are implementing more rigorous vendor evaluations and enhancing their cloud security measures.
Related Stories
Keep up with the latest news and events
Join our mailing list, it’s free!
