Massive data leak hits India’s Star Health
Telegram bots used to distribute health data.
Sensitive personal and medical data from millions of Star Health customers, India’s largest standalone health insurer, has been leaked and made accessible through chatbots on Telegram. This breach exposes names, phone numbers, addresses, and even medical diagnoses. The stolen data, amounting to 7.24 terabytes, includes over 31 million records and is being sold via these chatbots. Despite the insurer’s initial claims that there was no widespread compromise, numerous policy and claims documents have been publicly available for weeks. Victims were not notified of the breach, even though their private details were openly traded.
Telegram, known for its rapid growth fueled by customisable chatbots, is under heightened scrutiny as these bots become tools for cybercriminals. Even with Telegram’s attempts to remove them, new bots emerge, offering stolen data. This situation underscores the ongoing difficulties Indian companies face in protecting sensitive information as hackers increasingly exploit modern platforms for illicit activities.
Star Health has informed local authorities about the breach, but millions of customers remain vulnerable to identity theft and fraud. This incident highlights major concerns about the safety of sensitive information in India’s digital landscape, emphasising the urgent need for stronger data protection laws and cybersecurity measures.
About author
DW Team
The GIP Digital Watch Observatory team, consisting of over 30 digital policy experts from around the world, excels in the fields of research and analysis on digital policy issues. The team is backed by the creative prowess of Creative Lab Diplo and the technical expertise of the Diplo tech team.