The data breach incident at Star Health takes an unexpected turn with new allegations involving the sale of data of over 31 million customers.
Data Breach Facts
Star Health is accused of selling 7.24 terabytes of customer data to a hacker named 'xenZen' for $150,000. The transaction began on July 6, 2024, via an encrypted chat platform, requiring an initial payment of $28,000 in Monero.
Accusations and Participants' Roles
xenZen claims that Khanuja repeatedly sold access to the data, violating internal security protocols. Following the initial deal, the data continued to flow despite the hacker's attempts to alter the terms. Khanuja stated, 'You've taken 5TB and I want $150k now because senior management wants a cut.'
Company Response and Current Situation
Star Health categorically denies these allegations, stating that it was a victim of a 'targeted malicious cyberattack.' An independent investigation is underway with cybersecurity experts to understand the extent of the breach. This incident questions the reliability of the company's security systems, despite earlier assurances that there was 'no widespread compromise' of customer data in August 2024.
The Star Health data breach incident raises important questions about customer data security and the responsibility of management to protect it. Regardless of the investigation's outcome, the company must take steps to regain customer trust.