Hackers Accuse Star Health Insurance CISO of Selling Customer Data in Massive Breach

In a shocking development, hackers have accused Amarjeet Khanuja, the Chief Information Security Officer (CISO) of Star Health Insurance, of selling sensitive data belonging to over 31 million customers. The leaked data reportedly includes personal details like names, birth dates, addresses, phone numbers, PAN card information, and even salary details.

According to the hackers, the compromised data is being sold for a staggering $150,000. Smaller sets of data, containing 100,000 entries, are being offered for $10,000 each. The leak has become one of India’s largest data breaches, raising alarm bells about privacy and security concerns for millions of individuals.

The hacker, who goes by the alias xenZen, claims that Khanuja directly provided access to the sensitive information in exchange for payment. To back up their claims, the hacker has posted email screenshots and a video purportedly showing conversations between Khanuja and themselves, in which illegal API access to the company’s customer database was allegedly granted. A sample of over 500 entries, including details about Indian government officials, has been made publicly available to prove the authenticity of the stolen data.

The stolen information is being shared through Telegram chatbots, which allow users to access policy details, insurance claims, and even medical diagnoses of customers.

While Star Health Insurance has acknowledged the data breach, the company has downplayed its severity, reassuring customers that there has been no widespread compromise of their information. However, Star Health had previously taken legal action against an unknown hacker and Telegram for the leak.

As the investigation into the breach continues, affected individuals are being urged to exercise caution with emails, phone calls, and messages that seem suspicious, as they may now be at risk of identity theft, financial fraud, phishing attacks, or even extortion.