Insider Threat and Massive Data Breach at Star Health and Allied Insurance Company

In a shocking turn of events, Star Health and Allied Insurance Company has been rocked by a massive data breach, with claims of an insider threat at the center of the controversy. The breach, which originated from an employee offering illegal API access to the company’s customer medical records for a hefty sum, has now escalated into a full-blown cyberattack orchestrated by a threat actor known as “xenZen.”

The extent of the breach is staggering, with over 31 million customer records compromised, including sensitive personal and medical information such as Aadhaar and PAN card photos, detailed medical reports, and more. This breach has raised serious concerns about the company’s data security measures and its ability to protect customer privacy effectively.

Following the breach, Star Health has faced immediate repercussions, with its shares plummeting by 1.7% and trading at ₹568.1. The company has characterized itself as a victim of a targeted cyberattack and has initiated a forensic investigation to determine the scope of the breach and identify responsible parties.

In a surprising twist, allegations have surfaced implicating Star Health’s Chief Information Security Officer in the sale of leaked data. While the company maintains that no wrongdoing has been confirmed, it has committed to transparency and collaboration with government and regulatory authorities throughout the investigation.

This cyberattack also sheds light on the role of platforms like Telegram in facilitating the distribution of stolen data, raising questions about the regulation of digital communication tools in the fight against cybercrime. As the investigation unfolds, the need for immediate remedial action and enhanced cybersecurity measures becomes increasingly apparent in safeguarding sensitive customer information.