India’s Star Health sues Telegram after hacker uses chatbots to leak data

Top Indian insurer Star Health has sued Telegram and an alleged hacker after Reuters reported that the hacker used chatbots on the messaging app to leak policyholders’ personal data and medical reports.

The lawsuit comes amid increasing scrutiny of Telegram globally and the arrest of founder Pavel Durov in France last month, alleging the app’s content moderation and features were abused for illegal activities. Durov and Telegram denied wrongdoing and responded to the criticism.

Star has received a temporary injunction from a court in its home state of Tamil Nadu ordering Telegram and the hacker to block chatbots or websites in India that make the data available online, according to a copy of the order.

Star has also sued US-listed software company Cloudflare Inc, alleging the leaked data was hosted on websites using its services.

“Confidential and personal data of… customers and of the complainant’s business activities in general have been hacked and leaked through the use of (Telegram’s) platform,” the Madras High Court order dated September 24 said.

Star, a listed entity with a market capitalization of over $4 billion (about Rs. 33,473 crore), made details of the lawsuit public for the first time in a newspaper advertisement in The Hindu on Thursday.

The court has notified both Telegram and Cloudflare in this case and will next hear the case on October 25.

Star’s newspaper ad stated that the company had sought an injunction banning Telegram and Cloudflare from using the trade name “Star Health” or making its data available online.

Star Health, Telegram and Cloudflare did not respond to a Reuters request for comment.

The ability for users to create chatbots is widely credited with helping Dubai-based Telegram become one of the world’s largest messenger apps with 900 million active monthly users.

Reuters reported last week that an individual going by the name xenZen had made stolen data, including medical reports from Star customers, publicly accessible on Telegram, just weeks after Telegram’s founder was accused of allowing the app to facilitate crime.

Star had previously said its initial review found “no widespread compromise” had been discovered and “sensitive customer data remains secure”.

Two chatbots distributed data from Star Health. One offered claim documents in PDF format. The other allowed users to query up to 20 samples from 31.2 million data sets with one click, with details such as policy number, name and even body mass index.

In testing the bots, Reuters downloaded more than 1,500 files, some dating back as recently as July 2024, including policy and claim documents containing names, phone numbers, addresses, tax cards, copies of ID cards, test results, medical diagnoses and blood. reports.

Reuters shared details of the chatbots with Telegram on September 16 and within 24 hours, spokesperson Remi Vaughn said they had been “removed.” Later, more chatbots appeared.

Star has also sued the alleged hacker, xenZen, in the lawsuit. The hacker said in an email to Reuters on Thursday that they will participate in the hearings online if allowed.

The Star Health chatbots are part of a broader trend of hackers using such methods to sell stolen data. Of the five million people whose data was sold via chatbots, India represented the largest number of victims at 12 percent, according to NordVPN’s latest epidemic survey conducted in late 2022.

© Thomson Reuters 2024

(This story has not been edited by NDTV staff and is auto-generated from a syndicated feed.)