Star Health data breach: Personal information of over 30 million customers exposed!
Star Health data breach: Personal information of over 30 million customers exposed
Star Health has disclosed a detailed timeline of events surrounding a significant data breach affecting the personal information of over 30 million customers. The breach, which came to light on August 13, prompted the company to report the incident to regulatory bodies, including CERT-In and the Insurance Regulatory and Development Authority of India (IRDAI).
Incident Overview
Following a ransom demand of $68,000 (INR 57 lakh) from a hacker using the alias "vladislav rs," Star Health immediately notified relevant authorities on August 14. The hacker had sent multiple emails directly to the company’s MD and CEO, Anand Roy. Although the company did not respond to these demands, it swiftly acted to address the breach.
By August 22, the hacker launched a website called “starhealthscam.in” to sell the compromised data. The following week, Star Health, in collaboration with law enforcement, managed to take down several websites created by the hacker.
Key Events Chronology
August 13: Ransom email sent to the MD & CEO.
August 14: Incident reported to CERT-In, IRDAI, and internal board members.
August 22: Hacker establishes “starhealthscam.in” to sell the stolen data.
August 29: Star Health collaborates with law enforcement to dismantle hacker-created websites.
September 11: The company issues a notice to Telegram to remove data-sharing bots but encounters difficulties in obtaining account details.
September 22: Star Health files a petition in Madras High Court against Cloudflare, Telegram, and the hacker, seeking an injunction against the misuse of its data.
September 23: FIR registered by the Tamil Nadu Cyber Crime Cell under various sections of Indian law.
September 24: Madras High Court grants interim injunctions against the use of Star Health’s brand and the dissemination of leaked data.
Ongoing Investigation and Response
In response to the breach, Star Health has engaged an independent expert for a comprehensive forensic investigation, expected to conclude by the end of October. The company claims to have implemented preventive measures to strengthen its cybersecurity infrastructure.
This incident raises serious concerns about the adequacy of cybersecurity practices among Indian companies, highlighting the need for robust protective measures in an increasingly digital landscape. The implications of this breach may have lasting effects on consumer trust and regulatory scrutiny in the industry.