This week, Star Health Insurance, one of India’s most popular health insurers, suffered a massive data breach. The company acknowledged the hack and said they are investigating the matter. According to reports, personal data of 31 million customers could have been compromised due to the alleged data leak. The hacked data is apparently also listed for sale online. As if that wasn’t bad enough in itself, matters are made even more complicated. There are claims that the company’s Chief Information Security Officer (CISO) may have played a role in the data breach. The company completely rejects these claims. Here’s everything that’s happening in this case, in quick 5 points of the story:

5 key points in Star Health Insurance data breach

-Star Health Insurance hit by massive data breach

Star Health Insurance, one of India’s largest health insurers, reportedly suffered a significant data breach, compromising sensitive personal and insurance details of over 31 million customers. A hacker named xenZen reportedly claims to have accessed 7.24TB of data and has offered it for sale online for $150,000. Small batches of 100,000 records have reportedly been listed for $10,000.

-Sensitive customer information was stolen

The compromised data reportedly includes confidential information of customers such as names, PAN numbers, mobile numbers, email addresses, policy details, dates of birth and confidential medical records. The breach has raised major concerns about the security of personal data and the vulnerability of health information in India.

-Allegations against CISO of Star Health

In a bold allegation, the hacker claimed that Star Health’s CISO, Amarjeet Khanuja, allegedly facilitated the breach by directly selling the data for $43,000. According to whistleblower Daddy Das, Khanuja first contacted Zenzen through an encrypted app, Tox, and provided API details and login credentials in exchange for cryptocurrency. The two reportedly had several dealings before their relationship turned sour.

-Star Health denies the allegations

Star Health Insurance has denied all allegations of insider involvement, calling the data breach a “targeted malicious attack”. In their official statement, they assured customers that their services will remain operational while a thorough investigation is underway. The insurer is working with cyber security experts and regulatory bodies to protect customer data.

-Legal action and forensic investigation started

Star Health has launched a forensic investigation into the breach and filed a criminal complaint, which also includes legal action, against the hacker and Telegram, where parts of the stolen data were allegedly shared. The company is also cooperating with government and regulatory agencies to mitigate the damage and prevent further data exploitation.