In a massive data breach unfolding right now, sensitive information of over 31 million Star Health Insurance customers is being sold online for $150,000. The leaked data includes personal details such as names, dates of birth, addresses, phone numbers, PAN card details, and salary information, making millions of Indians vulnerable to identity theft, financial fraud, phishing scams, and more.
The hacker, identified as xenZen, claims to have obtained the data through an insider deal with Star Health’s Chief Information Security Officer (CISO), Amarjeet Khurana. The hacker alleges that Khurana sold the data and then tried to alter the terms of their agreement. To prove the legitimacy of the data, over 500 random samples, including those of Indian government officials, have been released.
Two weeks ago, Star Health filed a lawsuit against Telegram and an unknown hacker after it was discovered that sensitive data was being leaked via the messaging platform. It appears the hacker is the same individual involved in the lawsuit. The leaked dataset, which is up-to-date as of July 2024, is being sold as a whole or in smaller batches, with custom packages also up for negotiation.
This breach raises concerns over the safety and security of personal information in India, with significant risks including identity theft, targeted scams, and extortion. Star Health has yet to release an official statement on this unfolding incident.
