India’s Star Health is investigating allegations that its chief information security officer played a role in a data leak by a self-proclaimed hacker who used Telegram chatbots and websites to spread customers’ health records and personal information.
The country’s largest health insurer, Star, told Reuters the official, Amarjeet Khanuja, was cooperating with its investigation into the leak, which has so far turned up no evidence of wrongdoing.
The investigation came after the hacker, a person called xenZen, publicly claimed on his website that the CEO “sold me all that data.”
Khanuja, the chief information security officer (CISO), did not respond to a request for comment.
“Our CISO duly cooperated with the investigation and to date we have not come to any evidence of wrongdoing on his part,” Star said in a statement on Wednesday.
Last month, Star Health sued Telegram and the hacker after Reuters reported on September 20 that the hacker used chatbots in the messaging app to reveal customer details, before setting up websites that provide easy access to the data.
Star traded down 2% on Thursday, and has lost about 6% since the Reuters report.
“We were the victim of a targeted, malicious cyber attack, which resulted in unauthorized and illegal access to certain data,” Star said.
Independent cyber security experts conducted his forensic investigation, the Star added in a statement, and he also worked closely with the authorities to whom he reported the incident.
Earlier, Star said its initial assessment showed there was “no widespread compromise”, adding that “sensitive customer data remains secure”.
A court in Star’s southern home state of Tamil Nadu has granted a temporary injunction to Telegram and the hacker to block any chatbots or websites in India that make data available online.
Telegram did not comment on the lawsuit, while the hacker promised to join the hearings online if allowed.
Star’s legal challenge to Telegram comes amid increasing scrutiny of the platform globally and the recent arrest of its founder Pavel Durov in France, with the app’s content being moderated and features allegedly misused for illegal activities.
Durov and Telegram have denied wrongdoing and are addressing the criticism.
Telegram previously said it removed the chatbots when Reuters flagged them to the messaging platform’s team.
As of Thursday, the website created by the hacker still allowed people to simply click a start button to receive samples of Star Health’s policy-related data, including claims documents and patient medical records.
The Star did not comment on the website.
“We call on all platforms, hosting companies, social media channels and users to take swift and decisive action to stop such activities,” the statement said.
Telegram’s feature that allows users to create chatbots is credited with helping the Dubai-based messaging app become one of the largest in the world, with 900 million monthly active users.
The hacking website offered sample request documents in PDF format, while users can also request up to 20 samples from 31.2 million datasets containing details such as names, policy numbers and even body mass index (BMI).
© Thomson Reuters 2024
(This story was not edited by NDTV staff and was auto-generated from a syndicated feed.)