Star Health Data Breach: Hacker Claims CISO Sold Data to Him

Star Health data breach incident is taking a dramatic and shocking turn, just as it seems the matter is dying down. 

The company is currently facing allegations about its involvement in the data breach that affected more than 31 million customers.

According to claims made by a hacker codenamed “xenZen”, the company’s Chief Information Security Officer (CISO), Amarjeet Khanuja, sold approximately 7.24 terabytes of customer data to him for $150,000.

In a details post shared by Deedy, a former member of Google’s team, it revealed that Khanuja contacted the hacker via an encrypted chat platform on July 6, 2024, initiating a negotiation for the sale of customer data.

They both settled on $28,000 for the initial data transfer, conducted using Monero. After the successful transfer, Khanuja shared login credentials and API access details with xenZen, allowing the hacker to download the data.

Then two weeks later, Khanuja purportedly offered to sell claims data for an additional $15,000. All this goes against his role and the company’s internal security protocols.

According to the conversation, Khanuja later tried to alter the deal by demanding for additional $150,000 to give the hacker continued access to the company’s system. 

In Khanuja words, “You’ve taken 5TB and I want $150k now because senior management wants a cut.” This statement raised the concern of whether more high-ranking officials at Star Health’s senior management were involved in the breach.

XenZen claimed, “This leak is sponsored by Star Health and Allied Insurance Company, who sold this data to me directly.”

However, the company claimed it was a victim of a “targeted malicious cyberattack” and insisted it had no involvement in the data sales and that all its operations remain unaffected.

Nevertheless, this allegation puts a spotlight on the company’s security measures and practices. Star Health is currently conducting a investigation with independent cybersecurity experts to determine the full extent of the breach. 

The breach happened in August 2024 when a report revealed that the stolen data was being sold on Telegram using chatbots. Initially, Health stated that there was “no widespread compromise” of sensitive customer data; however, this allegation says otherwise.

Also Read: South Actor Chaitanya X Account Hacked, promotes Bitcoin Scam

spot_imgspot_img

Subscribe

Related articles

ED seizes 12.5 Crore assets in HPZ Crypto Token Scam in India

Enforcement Directorate(ED), India’s premier financial intelligence agency, seized Rs...

Pi Network Calls Users to Step Up as KYC Validators

Pi Network is calling on its users to step...

Solana Launches $185K AI Hackathon for Developers Worldwide

Solana has officially kicked off its first-ever AI hackathon,...

Zuckerberg Donates $1 Million to Pro-Crypto Trump Committee  

Meta Platforms, the parent of Facebook, shocked everyone when...

Nvidia Faces Legal Battle as Supreme Court Rejects Appeal

The United States Court has denied Nvidia’s request to...
spot_imgspot_img

LEAVE A REPLY

Please enter your comment!
Please enter your name here