Star Health takes Telegram and hacker to court over massive data leak

Sensitive customer data affected

Star Health takes Telegram and hacker to court over massive data leak

Cyber

By Roxanne Libatique

India’s Star Health and Allied Insurance Co (Star Health) has filed a lawsuit against messaging app Telegram and an alleged hacker after discovering customer data leaks, including sensitive medical records, through chatbots on the platform.

The case highlights growing concerns over cybersecurity threats in the insurance and financial sectors across the Asia-Pacific (APAC) region, where such incidents are becoming more frequent.

Star Health sues Telegram

According to a Reuters report, the Madras High Court in Tamil Nadu granted a temporary injunction to Star Health, ordering Telegram and the hacker to block access to the compromised data being disseminated via chatbots and through websites reportedly hosted by US-based Cloudflare Inc.

According to the court filings, Star Health claims that confidential customer information, including policy numbers and medical details, was stolen and spread using Telegram’s service.

The lawsuit, revealed publicly through an advertisement in The Hindu newspaper, requests an injunction prohibiting the use of Star Health’s trade name and data by Telegram and other online entities.

Notices have been issued to both Telegram and Cloudflare, and a follow-up hearing is scheduled for Oct. 25. No official statements have been made by any of the parties involved.

Star Health data breach

The data leak was first detected in mid-September when chatbots on Telegram were found sharing Star Health policy and claims data, including personal information. One chatbot distributed claim documents, while another allowed users to access up to 20 datasets per query, containing policy numbers, names, and medical records.

According to Reuters, over 1,500 files with policyholder information were downloaded, some dated as recently as July 2024. Although Telegram removed the offending chatbots within 24 hours of being informed, new bots reportedly surfaced afterward.

Star Health sues hacker

In addition to suing Telegram and Cloudflare, Star Health also filed a lawsuit against the hacker, known as “xenZen.”

The hacker communicated with Reuters, stating they were willing to participate in the legal proceedings online.

Despite the breach, Star Health emphasised that no widespread compromise of its systems has been found, and investigations are ongoing.

Rising cyberattacks in APAC region

This incident reflects a broader rise in cyberattacks across the APAC region, where financial institutions, including insurers, are increasingly targeted.

Akamai’s State of the Internet report recently noted that the APAC region leads globally in phishing threat scores, with financial services being the most targeted sector for distributed denial-of-service (DDoS) attacks.

Akamai’s report also pointed to an increase in DDoS attacks on financial institutions, driven by geopolitical tensions. The report highlighted that, in 2022, 34% of all global DDoS attacks were aimed at financial services, followed by 18% targeting the gaming industry and 15% aimed at the technology sector.

Cyberattacks continue to be a pressing issue for financial services in the APAC region, exposing insurers to reputational risks, regulatory scrutiny, and operational disruptions.

Insurers and asset managers focus on cybersecurity

Many firms are responding by increasing their investments in cybersecurity.

A recent survey by Moody’s indicated that insurers and asset managers globally have significantly raised their cybersecurity spending, with budgets rising by over 50% between 2019 and 2023. Ta

The report also noted that firms are implementing more rigorous vendor evaluations and enhancing their cloud security measures.

Related Stories

Keep up with the latest news and events

Join our mailing list, it’s free!