Sign up for your FREE personalized newsletter featuring insights, trends, and news for America's aging Baby Boomers

Newsletter
New

Top Health Insurance Firm Hacked, Sensitive Customer Data Including Medical Records Leaked Online

Card image cap

Star Health and Allied Insurance, one of the biggest health insurance organizations in India, has suffered a cyberattack that saw sensitive customer data stolen and then leaked on Telegram via a number of bots.

The information stolen and subsequently leaked included people’s full names, phone numbers, postal addresses, medical reports, and insurance claims.

Furthermore, for some people it included copies and scans of ID cards and certain tax details - more than enough information to run identity theft campaigns, phishing, and possibly even wire fraud.

Investigation under way

When Star Health and Allied Insurance learned of the breach, it moved to contain it. Since the data was leaking via Telegram, it sued the instant messaging platform for facilitating crime. Hackers apparently also propped up websites to hold the data, which were hosted on Cloudflare, which is allegedly being mentioned in the lawsuit, too.

A local court issued a legal order, forcing Telegram and Cloudflare to restrict access to the stolen information, which appaears to have been only partially successful, since the sites are still accessible from some ISPs in the country - and it's not known if the bots are still active on Telegram.

At press time, the victim did not yet issue any statement. It told TechCrunch a “forensic investigation” is underway, and added that it would be premature for a public company to comment before the investigation is concluded.

We don’t know exactly how many customers are affected by this incident. According to Life Insurance International - everyone, and that means more than 31 million people. The stolen data reportedly totalled 7.24 terabytes. We also don’t know if this is the work of a ransomware organization, and if the company was asked for payment to keep the data private. The breach happened in August.

Via TechCrunch

More from TechRadar Pro


Recent