A hacker is using Telegram chatbots to publicly share stolen customer data from Star Health and Allied Insurance, India’s largest health insurer, raising concerns about data security and the potential misuse of messaging platforms.
The leaked information, accessible through Telegram chatbots, includes sensitive customer details such as medical reports, policy documents, and personal identification information. Reuters was able to download over 1,500 files containing names, phone numbers, addresses, tax details, and medical diagnoses.
Star Health, with a market capitalization exceeding $4 billion, has reported the alleged unauthorized data access to local authorities. The company stated that an initial assessment showed “no widespread compromise” and that “sensitive customer data remains secure.”
The purported creator of the chatbots, using the alias xenZen, claims to possess 7.24 terabytes of data related to over 31 million Star Health customers. The data is available for free on a piecemeal basis via the chatbots, but is reportedly for sale in bulk.
Telegram spokesperson Remi Vaughn said the original chatbots were “taken down” after being notified, but new ones have since appeared offering Star Health data.
This incident highlights the challenges faced by Indian companies in safeguarding customer data and raises questions about Telegram’s ability to prevent misuse of its platform. The messaging app, with 900 million active monthly users, has recently faced increased scrutiny over content moderation and features that could be exploited for criminal activities.
Star Health policyholders contacted by Reuters expressed concern upon learning their personal information had been leaked, stating they were unaware of any data breach.
Cybersecurity experts note that Telegram has become an attractive platform for criminals to distribute stolen data due to its ease of use and anonymity features.
