Star Health has sued Telegram and hacker xenZen after discovering the hacker was using chatbots on the messaging app to leak the personal data of policyholders.
As reported by Reuters, the case is currently ongoing in the Madras High Court of Tamil Nadu, which has issued a temporary injunction for Star Health, India’s leading health insurer. According to the court order, Telegram and the hacker have been instructed to block the chatbots and websites used to leak the policyholders’ personal information.
The news of the data leak was made public by Reuters last week after a security researcher contacted the publication. The researcher, posing as a potential buyer, discovered that the hacker had 7.24TB of data related to over 31 million Star Health customers. The researcher also found that two separate chatbots were being used to distribute the customers’ personal information.
BIG DATA LEAK ALERT ⚠️
Holding Star Health Insurance policy?
A hacker is leaking Aadhaar, PAN, medical reports and more sensitive personal data of customers of India's biggest health insurer via Telegram bots & a website
Backstory + what's at stake 🧵⤵️
— Munsif Vengattil (@MunsifV) September 21, 2024
The first chatbot was used to offer claim documents in PDF format, while the second chatbot allowed users to request up to 20 samples from a dataset containing information on 31 million customers. This data included names, phone numbers, addresses, tax IDs, blood reports, medical reports, government IDs, and other test results.
In addition to suing Telegram, Star Health has also taken legal action against Cloudflare, as the website used to leak the data was hosted through Cloudflare’s services. The Madras High Court has issued notices to both Telegram and Cloudflare, and the next hearing is scheduled for October 25. The hacker, xenZen, contacted Reuters via email and stated they would join the next hearing online if permitted.