Shares of Star Health & Allied Insurance Company experienced a significant 2.5% decline on October 10, following the announcement of a severe data breach that compromised sensitive information of over 3.1 crore customers. The incident has raised alarming questions about the company’s cybersecurity measures and the potential fallout for both its reputation and customer trust.
Details of the Breach
As of 9:31 AM, Star Health shares were trading at ₹263.90 on the National Stock Exchange (NSE). The breach is linked to a hacker known as "xenZen," who claims to have stolen vast amounts of sensitive customer data, including Aadhaar and PAN card photographs, medical reports, and over five million insurance claim details. Much of this compromised data has reportedly been shared on social media platforms like Telegram, and is now allegedly being sold online.
Allegations Against the Chief Information Security Officer (CISO)
In a shocking twist, hacker has accused Star Health’s Chief Information Security Officer (CISO), Amarjeet Khanuja, of facilitating the breach. The hacker claims that Khanuja sold the data and later sought further compensation on behalf of the company’s senior management. In response, Star Health has denied any wrongdoing by its CISO, stating that Khanuja is fully cooperating with the investigation and that no evidence has emerged to support the hacker's claims. The company emphasized the need to respect Khanuja’s privacy, accusing the hacker of trying to sow panic among customers.
Insider Breach Allegations Supported by Cybersecurity Expert
UK-based cybersecurity researcher Jason Parker discovered the breach when haker posted a sale listing on breach forums. Parker reviewed a video allegedly showing email exchanges between the hacker and the CISO. According to Parker, the video appears authentic, with live email interactions suggesting that the footage has not been tampered with. He believes an independent government agency should investigate the matter to uncover the truth.
The hacker has claimed possession of 7.24 terabytes of data, which includes policyholders' personal details, medical records, and claim amounts. Samples of this data have been displayed on the hacker’s site, with the entire database being offered for sale for $150,000 via a chatbot.
Legal Battle
This breach follows a recent lawsuit filed by Star Health against Telegram and an unidentified hacker, after a Reuters report revealed that chatbots were being used on Telegram to leak sensitive customer information. The company has been embroiled in ongoing legal efforts to contain the damage from previous data leaks.
As investigations continue, the company faces the dual challenge of restoring customer confidence and securing sensitive data. The stock market’s response underscores the potential long-term impact on the company’s operations and reputation.
With inputs from agencies
Image Source: Multiple agencies
© Copyright 2024. All Rights Reserved Powered by Vygr Media.
