Star Health Data Breach: Hacker Claims CISO Sold Data to Him

Star Health data breach incident is taking a dramatic and shocking turn, just as it seems the matter is dying down. 

The company is currently facing allegations about its involvement in the data breach that affected more than 31 million customers.

According to claims made by a hacker codenamed “xenZen”, the company’s Chief Information Security Officer (CISO), Amarjeet Khanuja, sold approximately 7.24 terabytes of customer data to him for $150,000.

In a details post shared by Deedy , a former member of Google’s team, it revealed that Khanuja contacted the hacker via an encrypted chat platform on July 6, 2024, initiating a negotiation for the sale of customer data.

They both settled on $28,000 for the initial data transfer, conducted using Monero. After the successful transfer, Khanuja shared login credentials and API access details with xenZen, allowing the hacker to download the data.

Then two weeks later, Khanuja purportedly offered to sell claims data for an additional $15,000. All this goes against his role and the company’s internal security protocols.

According to the conversation, Khanuja later tried to alter the deal by demanding for additional $150,000 to give the hacker continued access to the company’s system. 

In Khanuja words, “You’ve taken 5TB and I want $150k now because senior management wants a cut.” This statement raised the concern of whether more high-ranking officials at Star Health’s senior management were involved in the breach.

XenZen claimed, “This leak is sponsored by Star Health and Allied Insurance Company, who sold this data to me directly.”

However, the company claimed it was a victim of a “targeted malicious cyberattack” and insisted it had no involvement in the data sales and that all its operations remain unaffected.

Nevertheless, this allegation puts a spotlight on the company’s security measures and practices. Star Health is currently conducting a investigation with independent cybersecurity experts to determine the full extent of the breach. 

The breach happened in August 2024 when a report revealed that the stolen data was being sold on Telegram using chatbots. Initially, Health stated that there was “no widespread compromise” of sensitive customer data; however, this allegation says otherwise.

Also Read: South Actor Chaitanya X Account Hacked, promotes Bitcoin Scam