Personal data of Star Health customers, including names, medical history, test results, tax details and policy numbers are available for download on Telegram
This comes nearly a month after Telegram founder and CEO Pavel Durav was arrested in France over allegations that the platform was being used for illicit activity
Telegram has also come under the scanner of the Indian government for allegedly facilitating extortion and gambling activities
In what could be one of the biggest data breaches in Indian history, personal data of millions of customers of listed general insurance major Star Health & Allied Insurance is allegedly up for sale on instant messaging app Telegram.
An unidentified hacker stole private data, including medical records of over 31 Mn customers of Star Health and made it publicly accessible on Telegram by creating chatbots on the platform, Reuters reported.
Data of Star Health customers such as policy and claim documents, including names, contact info, addresses, tax details, copies of ID cards, test results and medical diagnosis is reportedly available for download on the Telegram app.
While Telegram took down these chatbots after the issue was first reported, new chatbots have since sprung up on the platform, selling private details of Star Health customers. While one chatbot allows download of claim documents in PDF format, another enables users to view policy number, name and even body mass index of patients with a single click, as per the report.
A hacker, who goes by the moniker xenZen, has purportedly claimed responsibility for creating the Telegram chatbots being used for distributing Star Health data on an unknown online hacking forum.
Star Health & Allied Insurance has reportedly lodged a complaint with the cybercrime department of its home state of Tamil Nadu and federal cyber security agency CERT-In . It further said that preliminary findings did not show “widespread compromise” and “sensitive customer data remains secure.”
This comes nearly a month after Pavel Durov, founder and CEO of Telegram, was arrested in Paris over allegations that his company was complicit in distributing child sexual abuse images and facilitating money laundering and drug trafficking.
While Telegram is facing increasing scrutiny for allegedly facilitating illicit activity in Europe, it has also come under the scanner of the Indian government.
Telegram is facing a possible ban in the country with the Indian Cyber Crime Coordination Centre (I4C) under the Ministry of Home Affairs (MHA) and the Ministry of Electronics and Information Technology (MeitY) reportedly probing allegations that the platform is being used for gambling and extortion.
Since its entry in India, Telegram has landed in multiple regulatory troubles. In January, the Delhi High Court (Delhi HC) ordered the platform to remove or block access to accounts allegedly used for cheating people by using the name of private equity firms Peak XV Partners and Sequoia Capital.