Star Health and Allied Insurance Co. Ltd. confirmed that it fell victim to a "targeted malicious cyberattack, resulting in unauthorized and illegal access to certain data. "
The firm reported that it has not as of yet found any evidence of wrongdoing from their Chief Information Security Officer following its investigation into the data breach the company suffered due to a cyber attack.
A sample of the firm's private information, including customer data, was published on a website by a hacker calling themselves "xenZen," who claimed that the CISO sold them the information, initially demanding $28,000 and then upping the price to $150,000 for it, claiming that they had to give a cut of the amount to senior management to continue the data leak.
"We request that his privacy be respected, as we know that the threat actor is trying to create panic. We also want to emphasise that any unauthorised acquisition, possession, or dissemination of customer data is illegal," the company told NDTV Profit.
The firm further said that its operations remain unaffected by the data breach that was reported earlier in September 2024, saying that all services will continue without disruption.
"A thorough and rigorous forensic investigation, led by independent cybersecurity experts, is underway, and we are working closely with government and regulatory authorities at every stage of this investigation," Star Health said.
The firm reported the incident to the insurance and cybersecurity regulatory authorities, along with the filing of a criminal complaint against those responsible.
“We acknowledge that we were the victim of a targeted malicious cyberattack, resulting in unauthorised and illegal access to certain data," Star Health said in its statement.
The company said that it urges all platforms, hosting companies, social media channels and users to take "swift and decisive action to halt such activities" and abide by the orders of the High Court.
The company also promptly approached the Madras High Court, which directed all third parties to disable access to the relevant information. The health insurance company said it is diligently pursuing the implementation of this order.
"We have robust security measures in place and Star Health assures its customers and partners that their privacy and data security are paramount to us, and we are unwavering in our commitment to ensure their continued trust and confidence," the firm said.