Star Health data leak: Hacker alleges company official’s involvement

The hacker behind the leak of sensitive data affecting millions of Star Health customers has claimed that the company’s chief information security officer (CISO), Amarjeet Khanuja, granted access to user data via APIs (application programming interface).

The hacker, using the moniker ‘xenZen,’ has launched a website ‘Star Health Leaks’, with links to two self-hosted leak bots. FE reviewed these leak bots and was able to download policy documents of random Star Health customers that contained sensitive and private details such as names, full addresses, PAN information, phone numbers, details of dependents, policy coverage, and pre-existing conditions.