Star Health Data Breach Leak: Chronological Timeline Of Events

The Star Health Data Breach has garnered significant attention due to the scale of the incident and the serious allegations surrounding it. Below is a detailed timeline of events, including evidence and official reports that frame this cybersecurity incident.

August 1, 2024
September 20, 2024

Public Disclosure

UK-based researcher Jason Parker shared information about the breach, revealing that the hacker had created a website showcasing sample data from Star Health. The hacker claimed that Star Health’s Chief Information Security Officer (CISO), Amarjeet Khanuja, was involved in selling this data for $150,000.

September 24, 2024

Email Exchanges Released

A viral post by venture capitalist Deedy Das included alleged email exchanges between Khanuja and the hacker. The hacker accused Khanuja of attempting to profit from the data sale and provided screenshots as proof.

October 1, 2024

Star Health Data for Sale

The hacker announced that approximately 7.24 TB of data was available for sale on a website, with parts being offered for $10,000 each. This data reportedly included full names, PAN numbers, mobile numbers, email addresses, medical records, and policy details.

October 5, 2024

Star Health’s Response

Star Health confirmed the breach and initiated a forensic investigation led by independent cybersecurity experts. They stated that they were cooperating with government and regulatory authorities.

October 9, 2024

Legal Actions Initiated

Star Health filed lawsuits against Telegram and Cloudflare for allegedly facilitating the data leak. The Madras High Court issued a temporary injunction to block access to leaked information on these platforms.

October 10, 2024

Official Statement from Star Health

The company released a statement confirming that operations remained unaffected and emphasized their commitment to customer security. They reiterated that the CISO was cooperating in the investigation and denied any wrongdoing on his part.

October 11, 2024

Court Proceedings Scheduled

The Madras High Court scheduled further hearings regarding the breach for October 25, indicating ongoing legal scrutiny.


Chronological Timeline of Star Health Data Breach Leak Events

The Star Health data breach timeline encapsulates critical events surrounding the Star Health Data Breach while providing essential context through frequently asked questions related to this significant cybersecurity incident.

  1. August 2024: The breach reportedly begins with unauthorized access to sensitive customer data by hacker xenZen.
  2. September 20, 2024: Researcher Jason Parker highlights the breach on social media, revealing that sensitive customer data is being sold online.
  3. September 24, 2024: Star Health officially acknowledges the breach and initiates a forensic investigation while also filing lawsuits against Telegram and Cloudflare for facilitating the leak.
  4. October 1, 2024: Details emerge about the hacker’s claims that CISO Amarjeet Khanuja sold access to sensitive data for $150,000. Screenshots of alleged email exchanges between Khanuja and xenZen circulate online.
  5. October 5, 2024: Star Health continues its investigation and assures customers that operations remain unaffected despite the breach.
  6. October 9, 2024: Star Health releases an official statement confirming ongoing investigations and reiterating its commitment to customer security.
  7. October 10, 2024: Reports indicate that shares of Star Health drop by approximately 2.5% following acknowledgment of the breach.
  8. October 11, 2024: The Madras High Court orders platforms like Telegram to block access to leaked information and schedules a follow-up hearing for October 25.

What is the nature of Star Health Data Breach?

The recent Star Health data leak involved a threat actor who claimed that the CISO leaked the data to him by disclosing a vulnerability and provided a screenshot as proof. However, the reality is that the threat actor had faked the email screenshot.

The email’s contents were valid, but the username and password allegedly shared by the CISO were actually part of a credential leak from a public dark web incident. The threat actor then discovered an Insecure Direct Object Reference (IDOR) in the API after authentication, accessed the data, and then fabricated the story to frame the CISO and the team to defame them. But why?

This threat actor has shown vindictive behavior towards Indian citizens in the past and has a history of similar actions. If anyone wants more information on the threat actor, I am happy to share.

The Star Health leaked data allegedly includes:

  • Personal identification details (e.g., names, PAN numbers)
  • Contact information (e.g., mobile numbers, email addresses)
  • Medical history (including pre-existing conditions)
  • Insurance policy details (e.g., policy numbers, claims)

The hacker claimed that parts of this sensitive information were being sold through Telegram chatbots, allowing easy access to potential buyers.

Allegations Against Star Health CISO

The hacker made serious allegations against Khanuja:

  • He claimed that Khanuja initially sold access to sensitive data for $28,000, later raising the price to $150,000, purportedly to share profits with senior management.
  • Screenshots of alleged email communications were shared publicly to support these claims.

Legal and Regulatory Response

Star Health has taken several steps in response to the breach:

  • Initiated a comprehensive forensic investigation.
  • Filed lawsuits against platforms allegedly involved in disseminating leaked information.
  • Engaged with regulatory authorities to ensure compliance and transparency during the investigation process.

Market Reaction

Following news of the breach, Star Health’s stock experienced a decline of approximately 2.5%, reflecting investor concerns about potential reputational damage and regulatory repercussions.

Conclusion

The Star Health data breach represents one of India’s largest cybersecurity incidents to date, highlighting vulnerabilities in data protection practices within major corporations. As investigations continue and legal proceedings unfold, this incident may have lasting implications for both Star Health and broader cybersecurity regulations in India.
This overview encapsulates all significant developments related to the Star Health Data Breach from August 2024 to present while emphasizing credible sources and official statements throughout the timeline.
