Star Health and Allied Insurance Company Ltd has been issued a show cause notice by the Insurance Regulatory and Development Authority of India (IRDAI) over alleged compliance concerns.
The notice, dated Dec. 4, outlined alleged non-compliance with several regulatory guidelines.
The company disclosed the development in a stock exchange filing, confirming that IRDAI had raised concerns over potential breaches of regulations such as:
Star Health has been directed to provide a response within 21 days, including relevant supporting documents.
Star Health said it is working on providing adequate replies to the alleged violations.
“The company believes that there will not be any impact. However, the outcome and related implications cannot be predicted with certainty at this stage,” it said.
The insurer noted that the timing of the disclosure was linked to its internal assessment of the situation.
“The company was undertaking internal assessments with regard to the impact because of the Show Cause Notice. The company believes that there will not be any impact, and hence the disclosure is being submitted now to the stock exchanges,” it said.
The announcement about alleged non-compliance with several regulatory guidelines comes on the heels of Star Health’s decision to take the messaging platform Telegram and an individual hacker to court after discovering that sensitive policyholder information was leaked through Telegram chatbots. The insurer has also named Cloudflare Inc, a US-based hosting company, in its lawsuit.
According to the company, the breach was detected in mid-September when chatbots on Telegram were found disseminating customer details, including policy numbers, claim information, and medical records. One bot allowed users to access datasets with up to 20 entries per query, while another shared claim-related documents.
More than 1,500 files containing customer data were reportedly downloaded, including information as recent as July 2024.
Although Telegram removed the compromised chatbots shortly after being informed, the company reported the appearance of additional bots sharing similar data.
The breach led Star Health to file legal claims against a hacker identified as “xenZen.” The individual reportedly expressed a willingness to participate in court proceedings remotely.
