Leading Indian insurer Star Health sued Telegram and a self-proclaimed hacker after Reuters reported that the hacker used the messaging app’s chatbots to leak policyholders’ personal information and medical reports.
The lawsuit comes amid increasing scrutiny of Telegram globally and the arrest of its founder Pavel Durov in France last month, with the app’s content being moderated and features allegedly being misused for illegal activities. Durov and Telegram denied wrongdoing and responded to criticism.
The Star received a temporary injunction from a court in its home state of Tamil Nadu ordering Telegram and the hacker to block any chatbots or websites in India that make data available online, according to a copy of the order.
Star also sued US-listed software company Cloudflare Inc in a lawsuit, saying the leaked data on websites was hosted using its services.
“Confidential and personal information … of the plaintiff’s customers and business activities in general were hacked and leaked using the (Telegram) platform,” Star said in a Madras High Court order dated September 24.
Star, a listed entity with a market capitalization of more than $4 billion (roughly Rs 33,473 crore), disclosed details of the suit for the first time in a newspaper advertisement in The Hindu magazine on Thursday.
The court has issued notices to Telegram as well as Cloudflare in this regard and will next hear the case on October 25.
Star’s newspaper ad said the company had requested an injunction against Telegram and Cloudflare from using the trade name “Star Health” or making its data available online.
Star Health, Telegram and Cloudflare did not respond to a Reuters request for comment.
The ability for users to create chatbots is credited with helping Dubai-based Telegram become one of the world’s largest messaging apps with 900 million active monthly users.
Reuters reported last week that an individual called xenZen made publicly available stolen data, including the medical reports of Star users, on Telegram, just weeks after Telegram’s founder was accused of allowing the app to facilitate crime.
Star previously said its initial assessment showed that “no widespread compromise was detected” and that “sensitive customer data remains secure.”
Two chatbots distributed Star Health data. One offered the claim documents in PDF format. Another allowed users to request up to 20 samples from 31.2 million datasets with a single click providing details including shelf number, name and even body mass index.
During the bot’s testing, Reuters downloaded more than 1,500 files with some documents dated as late as July 2024, which included policy and requirements documents containing names, phone numbers, addresses, tax cards, copies of ID cards, test results, medical diagnoses and the blood of the report.
Reuters shared details of the chatbots with Telegram on September 16, and within 24 hours spokesman Remi Vaughn said they had been “taken down.” Later, more chatbots appeared.
Star also sued the alleged hacker, xenZen, in a lawsuit. Hacker said in an email to Reuters on Thursday that he would join the hearings online if allowed.
Star Health’s chatbots are part of a wider trend of hackers using such methods to sell stolen data. Of the five million people whose data was sold via chatbots, India represented the largest number of victims at 12 percent, according to NordVPN’s latest epidemic research conducted at the end of 2022.
© Thomson Reuters 2024
(This story was not edited by NDTV staff and was automatically generated from a syndicated feed.)
