Star Health Got $68,000 Ransom Demand After Data Leak
Photo: Reuters/Dado Ruvic
NEW DELHI, (REUTERS) – Star Health, India’s biggest health insurer, on October 12 said it had received a ransom demand of $68,000 from a cyberhacker in connection with a leak of customer data and medical records.
Star, which has a roughly $4 billion market cap, has been battling a reputational and business crisis since Reuters reported on September 20 that a hacker had used Telegram chatbots and a website to leak customers’ sensitive data, including tax details and medical claim papers.
The company, whose shares have declined 11%, has launched internal investigations and has taken legal action against Telegram and the hacker, whose website continues to share samples of Star customers’ data.
Star, which has previously said it is a “victim of a targeted malicious cyberattack”, has now revealed for the first time that in August “the threat actor demanded a ransom of $68,000 in an email” addressed to the company’s managing director and its chief executive.
The statement came after Indian stocks exchanges sought clarifications from Star after the Reuters report that the company was investigating allegations that its chief security officer was involved in the data leak.
Star reiterated it has found no wrongdoing by the official, Amarjeet Khanuja, though the internal investigation is ongoing.
Telegram has declined to share the account details or permanently ban accounts linked to the hacker – an individual dubbed xenZen – “despite multiple notices issued in this regard,” Star said.
Star said it has “sought the assistance” of Indian cyber security authorities to “help us identify” the hacker.