India’s largest health insurer, Star Health, has experienced a severe data breach, with sensitive customer information, including medical records, becoming accessible through Telegram chatbots. This incident highlights the ongoing challenges companies face in securing customer data in the digital age.
The breach has been made public just weeks after Telegram’s founder faced allegations that the messaging app is being used to facilitate criminal activities. The creator of the chatbots, who goes by the alias “xenZen,” claimed to possess over 7.24 terabytes of data from more than 31 million Star Health customers. The stolen data includes names, phone numbers, addresses, ID copies, medical diagnoses, and even tax details, according to a report by a security researcher who alerted Reuters.
Star Health’s Response
Star Health, with a market capitalization of over $4 billion, stated that they have reported the incident to the relevant authorities and are actively working with law enforcement to address the issue. According to their initial assessment, they claimed there was “no widespread compromise” and that sensitive customer data remained secure. However, Reuters was able to access policy and claims documents through the Telegram chatbots, indicating that the breach was more extensive than initially reported.
How the Data Leak Occurred
The chatbots, operational since at least August 6, 2024, offered free samples of the stolen data while selling larger datasets in bulk. Users could simply request specific information from the chatbots to receive random documents containing sensitive details. These chatbots were discovered on Telegram, which has 900 million active users globally and allows for anonymous account creation and data sharing. Telegram’s features, such as customizable chatbots, have made it an attractive platform for cybercriminals.
When tested by Reuters, the chatbots were able to provide more than 1,500 documents, some dated as recently as July 2024. Despite Telegram’s efforts to take down the chatbots, new ones quickly appeared, highlighting the difficulty in completely eradicating such illegal activities from the platform.
The Bigger Picture
This breach is part of a growing trend where hackers use Telegram to sell stolen data. According to a survey by NordVPN at the end of 2022, India accounted for 12% of the five million people affected by data leaks via chatbots globally. Telegram’s combination of anonymity and ease of use has turned it into a popular storefront for cybercriminals, complicating the efforts of companies and authorities to safeguard sensitive information.
Impact on Affected Users
The data leaked includes personal and medical information, as seen in records related to a one-year-old’s treatment and an individual’s ultrasound imaging test results. Both confirmed the authenticity of the documents but stated they were unaware of the breach until contacted by Reuters. The lack of notification from Star Health to affected customers raises concerns about transparency and the company’s response to the breach.
Telegram’s Response and Future Concerns
Following Reuters’ notification, Telegram took down the chatbots within 24 hours, emphasizing that sharing private information is forbidden on their platform. Telegram uses a combination of proactive monitoring, AI tools, and user reports to remove millions of pieces of harmful content daily. However, the quick reappearance of new chatbots offering the same data demonstrates the platform’s struggle to fully prevent misuse.
Star Health reported the matter to the cybercrime department of Tamil Nadu and the federal cybersecurity agency CERT-In. They assured customers that their privacy is a top priority and that they are committed to resolving the issue. Nevertheless, the breach serves as a wake-up call for both companies and users regarding the vulnerabilities associated with digital data and the need for robust cybersecurity measures.
As investigations continue, this incident underscores the urgent need for better data protection strategies and stricter regulations to prevent similar breaches in the future.
