India’s Star Health investigates its Chief Information Security Officer in data leak scandal

Hackers exposed customer data.

Masked hacker under hood using computer to hack into system and employ data leaking process

India‘s largest health insurer, Star Health, is investigating allegations that its Chief Information Security Officer (CISO), Amarjeet Khanuja, was involved in a data breach linked to a hacker named xenZen. The hacker, who used Telegram chatbots and websites to distribute customers’ medical records and personal data, claimed that Khanuja ‘sold all this data to me.’ Star Health stated that Khanuja is cooperating with the investigation, which has so far found no evidence of his involvement.

Star Health has initiated legal proceedings against Telegram and the hacker known as xenZen after reports surfaced that the hacker exploited the platform’s chatbots to leak customer data and created websites for easier access. The company stressed that it was a victim of a targeted cyberattack, resulting in unauthorised access to specific information. Independent cybersecurity experts are currently conducting a forensic investigation, and Star Health is collaborating closely with authorities. According to the company’s preliminary assessment, there is no evidence of widespread data compromise, and sensitive customer information is reported to be secure.

A Tamil Nadu court has issued a temporary injunction requiring Telegram and the hacker xenZen to block any chatbots or websites in India that share leaked data. Telegram, which is under heightened scrutiny for its platform’s role in illegal activities, has not yet commented on the lawsuit. In contrast, the hacker has expressed a willingness to participate in the court hearings online. Although Telegram had previously removed flagged chatbots, xenZen’s website remains operational, enabling users to access samples of policy-related data with just a click. In response, Star Health has called on all platforms and users to take swift action to prevent further data exposure.