Star Health Data Breach: Hacker Claims CISO Involved in Leaking Customer Information | India News – Times of India

CHENNAI: The Chief Information Security Officer (CISO) of Star Health Insurance was behind the company’s recent major customer data breachA claimed hacker who has put the data up for sale on his website. That’s what the hacker, who identified himself as xenZen, said C.I.S.O provided the API access to the entire customer data and posted a video showing the receipt of the customer data via email from CISO.
British cybersecurity researcher Jason Parker discovered the data breach when xenZen posted a sales offer on breach forums. Parker told TOI via email that when the hacker went looking for the source of the leak, he showed him chats, email communications and screen recordings with CISO.
“I have reviewed the video. As a security researcher, I know that it does not appear to be fake or altered at all. The emails load live as he watches them, which rules out any possibility of the emails being spoofed or edited. I have reviewed the video viewed.” I think it should be investigated by an independent government agency,” Parker said.
The hacker claims to have 7.24 TB of policyholder and claims data, including names, phone number, addresses, medical records, PAN, policy details, detailed medical records and claim amounts. The hacker showed some customers’ data as an example and set up a chatbot to sell data, all for $150,000.
TOI verified the identity and details of some victims, including government officials. People TOI spoke to confirmed their residential addresses and policy details. Venkat Ragavan, one of the victims and part of an organization’s IT team, was shocked.
“We do not share our personal information, even with friends, but do so in confidence with these companies. My identity could be misused for loan fraud and other criminal activities. The company should make proactive efforts to block these websites and collect data from it public domain to be removed with Emergency Response Teams (ERT) as individuals cannot do,” he said.
Star Health said in a statement that certain data has been accessed and is conducting a thorough and rigorous forensic investigation led by independent cybersecurity experts. The company said it has reported the incident to insurance and cybersecurity authorities.
Star Health also defended its CISO. It said: “CISO has cooperated with the investigation and we have not made any finding of misconduct by him to date.”
The company has applied for an injunction in the Madras High Court against messaging platform Telegram and IT management services company Cloudfare to prevent publication and access to its customer information.