Hacker selling 7 TB of Star Health Insurance’s customer data using Telegram

Sensitive customer data from Star Health and Allied Insurance, India’s largest standalone health insurer, has been leaked via chatbots on the messaging platform Telegram, raising serious concerns about data security and privacy in the healthcare sector, a Reuters report said.

This breach, potentially affecting over 31 million customers, underscores the growing threat of cybercriminals exploiting messaging apps to distribute stolen information.

According to the report, the breach was first flagged by UK-based cybersecurity researcher Jason Parker, who discovered that two Telegram chatbots were offering access to Star Health customer data. The stolen data includes names, addresses, phone numbers, policy details, government ID numbers, and highly sensitive medical information such as test results and diagnoses.

The data is available for free in small portions, while bulk data — amounting to 7.24 terabytes — is being offered for sale, according to a hacker using the alias “xenZen.”

Parker’s investigation revealed that the chatbots had been operational since at least August 6, 2024, offering access to Star Health customer data in PDF documents and specific datasets. Although Telegram removed the chatbots within 24 hours of being notified, new chatbots offering the same data quickly reappeared, underscoring the persistent challenges in policing illicit activities on the platform, the report added.

The news agency has claimed that it could also download around 1500 files containing customer data.

In response, Star Health confirmed the breach, stating that it has reported the incident to local authorities, including the Tamil Nadu cybercrime department and the national cybersecurity agency CERT-In.

The company, which has a market capitalization exceeding $4 billion, claimed in a statement to the news agency that its initial investigation found “no widespread compromise” of customer data and that “sensitive data remains secure.” However, media investigations have uncovered detailed personal information being shared, contradicting the company’s initial assessment.

As of now, Star Health has not provided an updated estimate of the extent of the breach or notified affected customers directly. Customers who have had their medical records and ID documents leaked, including individuals such as policyholder Sandeep TS, confirmed the authenticity of the exposed data but were not informed of the breach by the company.

In an August 14 stock exchange filing, Star Health acknowledged investigating a possible breach but only referred to “a few claims data.” As the full scope of the incident becomes clearer, this raises significant questions about the company’s transparency and response protocols in managing such a critical security incident.

Telegram: A haven for cybercriminals?

This breach illustrates the broader cybersecurity challenges posed by messaging platforms like Telegram, which allows users to create chatbots to automate tasks. With over 900 million active monthly users, Telegram has emerged as a favorite tool for cybercriminals seeking to distribute stolen data due to its relative anonymity and ease of use.

Recently, Telegram’s founder Pavel Durov was arrested in France pertaining to issues with content moderation and for “allowing the platform to be used by criminals.” The company has since faced increasing scrutiny over its functioning.

Cybersecurity experts point to the exploitation of Telegram chatbots as part of a growing trend where criminals use increasingly sophisticated methods to monetize stolen data. NordVPN cybersecurity expert Adrianus Warmenhoven commented on the rise of such incidents, stating, “Telegram has become an easy-to-use storefront for criminals, and while the platform itself may not be responsible, it creates an environment ripe for abuse.”

A 2022 survey conducted by NordVPN highlighted that India represented the largest number of victims among the five million people affected globally by chatbot-driven data sales, accounting for 12% of total victims.

This breach at Star Health, given its scale and sensitive nature, could significantly worsen that statistic.