Madras High Court Petition Calls for Investigation into Star Health Insurance Data Breach
On October 9 of this year, the insurance company announced that it had fallen victim to a cyber-attack, leading to unauthorised and illegal access to certain data
Star Health Insurance
A petition has been submitted to the Madras High Court, calling for an investigation into the alleged data breach at Star Health Insurance, a national insurance firm.
On Monday, Justice M. Dhandapani briefly heard the petition filed by cybersecurity researcher Himanshu Pathak, who highlighted the significant data breach and sought immediate action.
Senior Advocate Srinath Sridevan, representing Pathak, urged the Court to direct the Union government to initiate an investigation into the incident. However, the Union Ministry of Electronics and Information stated that the inquiry should be conducted by the Insurance Regulatory and Development Authority (IRDA), not the Central government.
Justice Dhandapani indicated that the Court would issue orders on October 17 regarding whether the Union government has the authority to conduct such an investigation.
Last month, Star Health and Allied Insurance experienced a cyber attack, resulting in the alleged exposure of personal data—including mobile numbers, PANs, addresses, and pre-existing medical conditions—of approximately 3.1 crore customers on a website created by a hacker identified as “xenZen.” The hacker claimed that the Chief Information Security Officer (CISO) of the insurance firm sold this data and subsequently attempted to alter the terms of their agreement.
In his petition, Pathak has requested directives for the Central government and the Securities and Exchange Board of India (SEBI) to suspend Star Health’s online operations. He has also called for an investigation into how the company's CISO and senior management allegedly sold millions of sensitive customer records, including critical medical data, to a Chinese hacker.
On October 9 of this year, the insurance firm confirmed that it had been a victim of a cyber attack that resulted in unauthorised and illegal access to certain data, stating that a probe was underway.
On Monday, Star Health Insurance informed the Court that it had filed a civil suit seeking, among other things, an injunction to prevent the public disclosure of any of its data.