Star Health said it reported the breach to CERT-In, IRDAI and other agencies the day after its MD & CEO received the ransom emails
Star Health also claims to have roped in an independent expert to undertake a comprehensive forensic probe, which is expected to be completed before the end of October
Last month, the hacker put up the personal data of over 3 Cr Star Health customers for sale online
Insurer Star Health on Saturday (October 12) said that the hacker, who leaked the personal data of its 3 Cr customers, demanded a ransom of $68,000 (INR 57 Lakh) from the company.
In a detailed clarification filed with the BSE, the listed insurer said that the cybersecurity incident came to its notice on August 13 after a hacker under the pseudonym “vladislav rs” demanded the payment in multiple emails addressed to the company’s managing director and CEO Anand Roy.
While the company claims not to have responded to the emails, Star Health said that it reported the cybersecurity breach to all relevant agencies, including the Indian Computer Emergency Response Team (CERT-In) and the Insurance Regulatory and Development Authority of India (IRDAI), on August 14.
The company added that it then filed a complaint with the Chennai Police Commissioner in connection with the matter. Based on this, an FIR was registered by the cyber crime cell of the Tamil Nadu Police on September 23.
It also approached the Madras High Court (HC) in connection with the breach, which directed all third parties, including the messaging platform Telegram, to disable access to the leaked data.
This comes close on the heels of reports that the personal data, comprising names, addresses, phone numbers, PAN details, policy nominees and medical history, of over 3 Cr Star Health customers was for sale online.
The hacker, under the alias ‘xenZen’, was selling the entire dataset for $150,000 (about INR 1.26 Cr) and a smaller package of 1 Lakh entries for $10,000 (INR 8.4 Lakh) on a website called “starhealthscam.in”, which was later taken down by Star Health.
Subsequently, the threat actor created more websites with names such as “starhealthleak.in” and “starhealth.lol”, posting 500 samples of customer data. These two were also eventually taken down.
The threat actor also made the information, which spans 7.24 terabytes of data, accessible through chatbots it created on Telegram.
The Chronology Of The Hack
In a detailed clarification on Saturday, Star Health specified the chronology of events in the aftermath of the cybersecurity incident. Here is what it said:
August 13: Hacker demands a ransom of $68,000 in an email addressed to Star Health’s MD and CEO.
August 14: Insurer reports the incident to relevant authorities and its board.
August 22: Hacker sends another email to the company and creates a website called “starhealthscam.in” to sell the data.
August 29: Star Health takes down websites created by the threat actor with the help of various law enforcement agencies.
September 11: Star Health issues the first notice to Telegram to take down the bots. The company claims that the platform refused to share the accounts’ KYC details or permanently ban the hacker’s accounts despite multiple notices issued in this regard.
September 22: The insurer files a petition before the Madras HC against Cloudflare (which provided certain services used to host the hacker’s websites), Telegram, and unknown persons represented by the hacker (xenZen) and a person named Ashok Kumar.
The company seeks a permanent injunction against the data leaks and the misuse of Star Health’s intellectual property.
September 23: The Tamil Nadu Cyber Cell registers an FIR in the case under various sections of the Bharatiya Nyaya Sanhita and the Information Technology Act, 2000.
September 24: The Madras High Court issues ad-interim injunctions restraining anyone from using the Star Health brand and domain names and bans publication of the leaked data.
Since then, the company claims to have roped in an independent expert to undertake a comprehensive forensic probe, which is expected to be completed before the end of October. Star Health also claims to have taken preventive and proactive measures to “contain the incident” and shore up its IT infrastructure.
While it remains to be seen what the investigation finds, the saga has raised questions over lax cybersecurity guardrails at Indian companies.