Star Health Files Lawsuit Against Telegram Over Data Breach

The Madras High Court has granted a temporary injunction, directing Telegram to block chatbots and websites that are distributing the compromised data.

Star Health and Allied Insurance, India’s largest standalone health insurer, has filed a lawsuit against the messaging platform Telegram and a hacker following the leak of sensitive customer data through Telegram's chatbots.

The breach reportedly exposed the personal and medical information of millions of policyholders.

The Madras High Court has granted a temporary injunction, directing Telegram to block chatbots and websites that are distributing the compromised data.

The court order comes after Star Health discovered that the hacker, known by the alias "xenZen," was using Telegram to sell sensitive data, including personal information and medical records.

The insurer described the incident as "illegal hacking and unauthorized access to sensitive information." Telegram has not yet responded to the court's directive or the allegations.

Background of the Data Breach

Sensitive customer data, including medical reports, from Star Health and Allied Insurance has been accessible through Telegram chatbots for weeks. Millions of people’s private information, including policy claims, test results, and personal identification documents, are reportedly for sale on the platform.

Star Health disclosed that it became aware of the breach on August 13, when an unidentified individual claimed to have access to its data.

This incident comes shortly after Telegram’s founder, Pavel Durov, faced accusations of allowing the platform to be used for criminal activities.

Star Health, which has a market capitalization of over $4 billion, stated that it had reported the issue to local authorities and was investigating the alleged data breach.

In response, the company assured the public that “sensitive customer data remains secure,” though an investigation has since shown that substantial amounts of private information have been accessed and shared.

The leaked documents included names, phone numbers, addresses, tax details, copies of identification cards, medical diagnoses, and test results, as reported by Reuters.

Star Health reported the matter to the Tamil Nadu cybercrime department and the Indian Computer Emergency Response Team (CERT-In), a federal cybersecurity agency.

Despite these efforts, many affected customers remain unaware of the breach, raising concerns over the transparency of the company’s response.

Telegram’s Role & Response

Telegram, known for allowing customizable chatbots to automate responses and provide user-requested content, has faced scrutiny over its use by cybercriminals.

Two chatbots were identified as distributing sensitive Star Health data, including policyholder claims, medical test results, and personal identification information.

Jason Parker, a UK-based security researcher, discovered the leak after interacting with the hacker “xenZen,” who claimed to possess 7.24 terabytes of data belonging to over 31 million customers.

While Telegram removed the chatbots within 24 hours of being notified, new chatbots offering the same stolen data have since surfaced.

Telegram spokesperson Remi Vaughn reiterated that the sharing of private information is forbidden on the platform and emphasized the company's use of AI tools and user reports to remove harmful content.

Stay tuned for more such updates on Digital Health News.