
Star Health Breach: Beware, Your Aadhaar, PAN and Password Leak Risks Fraud | Personal Finance


Caution! If your personal details like Aadhaar, PAN card number, passwords or mobile number are leaked, they could be used for fraud. “Fraudsters can use this data to commit identity theft, extort money or carry out phishing attacks,” warned Gangesh Varma, Principal Associate at Saraf and Partners.

On September 20, the personal information of millions of Star Health Insurance customers, including details about their health status, was leaked online. UK-based researcher Jason Parker was the first to report the breach, revealing that a hacker named xenZen had allegedly obtained the data.



What happened to Star Health Insurance?

According to the hacker, Star Health Insurance’s Chief Information Security Officer (CISO) initially sold the information for $28,000 but later demanded $150,000. The hacker claimed that the CISO cited the need to share the proceeds with senior management. After the deal fell through, the hacker published all sensitive customer data online.

According to reports, the data is currently being distributed through two Telegram bots, one providing claim documents in PDF format and the other providing detailed customer information.

Star Health Insurance has launched an investigation into the breach. “We have begun a comprehensive forensic investigation with independent cybersecurity experts and are working with government and regulatory authorities,” the company said.

The insurer also approached the Madras High Court, which directed all parties involved to block access to the leaked information. “We are diligently monitoring the implementation of this order,” Star Health Insurance said.




Other recent data breaches in India

The Star Health Insurance breach is just one of several recent data breaches affecting millions of people in India.

In July, the personal information of around 7.9 million customers of Mumbai-based stockbroking firm Angel One was exposed on a hacker forum. The breach, which occurred last year, resulted in the disclosure of confidential information, including names, addresses, contact numbers and bank account details.

According to Forbes India, data of 7.5 million customers of boAt, the consumer electronics brand, was reportedly leaked and put up for sale on the dark web back in April.

In January, a massive security flaw was discovered by cybersecurity firm CloudSEK that exposed personal data of about 750 million people in India. This breach exposed important details such as names, mobile numbers, addresses and Aadhaar information. The 1.8 terabytes of data was reportedly sold by threat actors called CyboDevil and UNIT8200.


Consequences of a data breach

Data breaches like these can lead to identity theft, financial fraud, and scams. Saurabh Gupta, founder and CEO of VeriSmart AI, an AI-driven data protection solutions company, said: “Hackers use various methods such as social engineering, malware and phishing to access personal data for malicious purposes.”

Companies also face reputational damage and legal liabilities. “Companies may face penalties depending on applicable laws and suffer a damaged reputation, making recovery difficult,” Varma said.


How serious are the risks?

Gupta noted: “The impact of data theft depends on the sensitivity of the information. The consequences can range from financial loss and public embarrassment to life-threatening situations.” Varma added that the fallout may not be immediately visible, leading people to underestimate the damage.


What measures can you take to protect yourself?

To minimize the impact of such breaches, experts advise taking immediate measures:

– Change passwords associated with the leaked data.

– Enable two-factor or multi-factor authentication.

– Regularly update software and apps with the latest security patches.

– Be aware of suspicious online activity and report incidents to authorities.

“Today, it is very important to understand privacy and take proactive measures to protect your online identity,” Varma said.


How companies can respond to data breaches

Companies must have an incident response plan in place. They should also report breaches to authorities and inform affected individuals in accordance with legal requirements. Preventive measures are equally important to protect people’s data.

“The IT Act, 2000 provides for compensation to sensitive personal data victims, but this will soon be replaced by the Digital Personal Data Protection Act,” Varma said. He added that the new law focuses on rights for individuals and strict penalties for companies, but does not provide for compensation for affected individuals.


Our online lives are important

“Our online lives are just as important as our physical lives, if not more so, because of the speed and reach of information,” Gupta said. He urged everyone to take more precautions to protect their online identities in today’s digital age.

First published: Oct 11, 2024 | 1:01 p.m IS