Star Health and Allied Insurance, India’s largest health insurer, has launched an internal investigation into allegations that its Chief Information Security Officer (CISO), Amarjeet Khanuja, may have been involved in a data breach that exposed sensitive customer information. The company confirmed that Khanuja is cooperating with the ongoing probe, and so far, no evidence of wrongdoing has been found against him.
The investigation follows claims made by a hacker known as xenZen, who used Telegram chatbots and websites to disseminate customer medical records and personal data. The hacker publicly alleged that Khanuja had sold the data, an accusation Star Health is taking seriously despite the absence of proof supporting the claim.
In a statement issued on Wednesday, Star Health reaffirmed its CISO’s cooperation in the investigation, saying, “Our CISO has been duly cooperating in the investigation, and we have not found any evidence of misconduct on his part to date.”
Last month, Star Health filed a lawsuit against the hacker and the messaging platform Telegram, after Reuters reported on the breach. The hacker used Telegram chatbots to leak customers’ personal data, including medical records and insurance claim details, before setting up websites that offered easy access to the information.
The breach has taken a toll on the company, with Star Health’s stock dropping 2% on Thursday, adding to a 6% decline since the initial report by Reuters on September 20.
Star Health acknowledged that it had been the victim of a targeted cyberattack that led to unauthorized access to certain data. The company has engaged independent cybersecurity experts to lead a forensic investigation and is working closely with authorities, having reported the incident to them. Star Health emphasized that, based on its initial assessment, there was “no widespread compromise,” and “sensitive customer data remains secure.”
A court in Tamil Nadu, where Star Health is headquartered, has granted a temporary injunction ordering Telegram and the hacker to block access to any chatbots or websites within India that make the leaked data available. While Telegram has yet to comment on the legal action, the hacker has vowed to join the court proceedings virtually, if permitted.
The case highlights growing concerns over Telegram’s content moderation policies, which have drawn global scrutiny. Telegram’s founder, Pavel Durov, was recently arrested in France amid accusations that the platform’s features are being exploited for illegal activities. Telegram, however, denies any wrongdoing, stating that the company addresses any issues brought to its attention. In response to the data leak, Telegram said it had removed the offending chatbots after they were flagged by Reuters.
Despite this, on Thursday, the hacker’s website remained active, allowing users to easily access samples of the leaked Star Health policy data, including claim documents and patient medical records. The site offered claim document samples in PDF format and allowed users to request up to 20 samples from a database containing information on 31.2 million policyholders, including names, policy numbers, and body mass index (BMI) data.
Star Health did not comment on the hacker’s website but issued a call to action for platforms, hosting companies, and social media channels to take immediate steps to halt the dissemination of this sensitive information. “We urge all platforms and users to take swift and decisive action to stop such activities,” the company said.
The data breach and the investigation into Khanuja’s role come at a critical time for Star Health, which continues to face legal challenges and rising concerns over cybersecurity in the insurance sector.
