Join our Waitlist for Expert Advice!

Insider Cyberattack? Star Health Insurance CISO Allegedly Sells Sensitive Data to Chinese Hacker Personal data of 31 million Indians allegedly sold for USD 150,000

By Entrepreneur Staff

You're reading Entrepreneur India, an international franchise of Entrepreneur Media.

Freepik

Global malicious groups are constantly targeting Indian institutions. In a disturbing development, Star Health Insurance has suffered a massive data breach after the firm's Chief Information Security Officer (CISO) allegedly sold sensitive credentials of 31 million Indians including PAN/Aadhaar numbers, phone numbers, emails, and home addresses. The CISO reportedly sold this data for USD 150,000 (approximately INR 1,26,00,000) to a Chinese hacker identified as "xenZen."

This incident sparked a debate on X (formerly Twitter) when Deedy Das, a venture capitalist at Menlo Ventures and a former Google employee, posted about the data leak. Das shared details of the breach, including the name of the security officer allegedly involved. In his post, a conversation between the officer and the hacker is shown, where the officer demands more money for backdoor access on behalf of senior management.

"Star Health management's CISO, Amarjeet (known as 'mc6'), sold all this data to me and then attempted to change the deal terms, stating that senior management of the company needed more money for backdoor access," Hacker said on his website.

The malicious actor is now selling the entire dataset for USD 150,000 or in smaller batches of 100,000 entries for USD 10,000 each.

Following the incident, Star Health Insurance said in the media, "We acknowledge that we were the victim of a targeted malicious cyberattack, resulting in unauthorized and illegal access to certain data. We want to make it absolutely clear that our operations remain unaffected, and all services continue without disruption."

The company further stated that the officer has not been found guilty of any wrongdoing to date. "We want to categorically state that our CISO has been fully cooperating with the investigation, and there has been no finding of wrongdoing by him to date. We request that his privacy be respected, as the threat actor appears to be attempting to create panic. We also want to emphasize that any unauthorized acquisition, possession, or dissemination of customer data is illegal."

In a different incident last month, Star Health Insurance filed a lawsuit against Telegram and a self-proclaimed hacker after a Reuters report revealed that the hacker was using chatbots on the messaging app to leak personal credentials and medical reports of policyholders. This breach exposed over 7.24 terabytes of sensitive information via Telegram bots.

These bots have made sensitive data of multiple individuals publicly accessible, including names, PAN numbers, mobile numbers, email addresses, dates of birth, residential addresses, pre-existing medical conditions, policy numbers, and nominee details. Additionally, personal information such as the height and weight of insured individuals, over five million insurance claims, Aadhaar card and PAN card photos, detailed medical reports, and insurance claim information are now circulating on Telegram and accessible to the public.

Regarding the recent data leak, Das explained that this data in the public domain poses a significant threat, as hackers could use it for financial fraud, identity theft, targeted scams, account hacking, phishing attempts, account takeovers, and extortion in the future.

Following a forensic investigation into the matter, Star Health Insurance's shares dropped by 2.5 per cent.

Entrepreneur Staff

Entrepreneur Staff

Editor

For more than 30 years, Entrepreneur has set the course for success for millions of entrepreneurs and small business owners. We'll teach you the secrets of the winners and give you exactly what you need to lay the groundwork for success.
Side Hustle

At 16, She Started a Side Hustle While 'Stuck at Home.' Now It's on Track to Earn Over $3.1 Million This Year.

Evangelina Petrakis, 21, was in high school when she posted on social media for fun — then realized a business opportunity.

Business News

Remote Work Enthusiast Kevin O'Leary Does TV Appearance Wearing Suit Jacket, Tie and Pajama Bottoms

"Shark Tank" star Kevin O'Leary looks all business—until you see the wide view.

Health & Wellness

I'm a CEO, Founder and Father of 2 — Here Are 3 Practices That Help Me Maintain My Sanity.

This is a combination of active practices that I've put together over a decade of my intense entrepreneurial journey.

Growing a Business

Why 'Founder Mode' is Not a One-Size-Fits-All Solution to Leadership

The founder-driven approach can boost a business's growth, but transitioning from "founder mode" to a balanced leadership style is essential for sustained success and scaling.

Growing a Business

PR vs. Marketing — Which One Delivers Better ROI for Your Business?

PR builds trust and credibility over time, while marketing drives short-term sales through targeted campaigns, making both essential for business success, depending on goals and budget.

Business News

San Francisco's Train System Is Still Run on Floppy Disks. It May Finally Get an Upgrade.

Officials approve a $212 million plan to replace its wildly outdated train control system.