India’s largest health insurer, Star Health, is conducting an internal investigation following claims that its Chief Information Security Officer (CISO), Amarjeet Khanuja, may have been involved in a significant data leak.
A hacker, known as xenZen, publicly alleged that Amarjeet Khanuja sold customer data, including medical records and personal information, which were later disseminated via Telegram chatbots and websites, Reuters news report said.
Star Health confirmed the investigation into the cyber security attack and stated that Amarjeet Khanuja has been cooperating, with no evidence of wrongdoing discovered so far.
The company has been the victim of a “targeted, malicious cyberattack” leading to unauthorized access to certain customer data. Independent cybersecurity experts are conducting a forensic investigation, and Star is working closely with authorities.
The incident gained attention after xenZen’s claim that Amarjeet Khanuja sold the data was posted on the hacker’s website. In response, Star Health filed a lawsuit against Telegram and the hacker after it was revealed that Telegram chatbots were used to leak customer data, including policy details and medical records. Telegram has since removed the chatbots, but a separate website created by the hacker continues to provide access to the stolen data.
A court in Tamil Nadu granted Star a temporary injunction, ordering the removal of any chatbots or websites in India that distribute the data. Star Health continues to urge platforms and hosting services to take immediate action to stop the spread of leaked information.
The company emphasized that sensitive customer data remains secure, despite the breach. However, Star Health’s stock has dropped by 6 percent since the news broke in September. The case continues as Star pursues legal action and tightens its cybersecurity measures.
