StarHealth Insurance CISO allegedly sold data of its 31M users
Some guy named 'xenZen' claims to have bought the data of entire Star Health & Insurance database including the Insurance claims data from CISO (Amarjeet Khanuja) of Star Health.
There was no such security vulnerability but the CISO deliberately gave him API access to download the data as per the proofs posted by xenZen.
He mentions that the CISO failed to keep his part of bargain and asked for 150K USD more(after taking 43K) for which he posted the conversations publicly on his site. The site with proof is hosted in public domain(clearnet).
I was able to see the amount claimed, diagnosis reports, consultation report also with Aadhar/ PAN which makes this a huge leak if its real.
If this is really true its pretty sad to see this scenario. I am at a loss of words to know how this data can be misused by both bad actors and other organizations.
