The Madras High Court has issued an interim order directing Telegram to block and delete any posts or chatbots flagged by Star Health Insurance after the insurer discovered that hackers were using the platform to disseminate sensitive customer information.
Justice K Kumaresh Babu, presiding over the case, instructed Star Health Insurance to promptly email Telegram with details of usernames and URLs associated with the bot sharing the hacked data, Bar and Bench reports.
Telegram must take down the flagged bots or channels upon receipt of these notifications. The Court’s directive comes as part of Star Health’s plea to prevent the unauthorised sharing of confidential customer data.
Representing Star Health, Senior Counsel S Ramasubramanium highlighted the extent of the damage, noting that sensitive data had become accessible through Telegram channels under the pretext of ‘ethical hacking.’ The counsel emphasised that the leaked information was publicly available on Telegram bots almost immediately after being flagged for removal, exacerbating the problem.
Telegram’s counsel defended the platform, asserting that it lacks the proactive monitoring capabilities necessary to search for and prevent data leaks across all posts and bots. The counsel referenced limitations imposed by India’s Information Technology Act.
The platform can act on specific violations flagged by users or entities but does not actively patrol bots for potentially harmful content. Telegam’s counsel also noted the challenges of tracing sources for unauthorised posts, explaining that individuals often use virtual private networks (VPNs) to cancel their identities, complicating efforts to trace the origin of such posts.
The court queried Telegram on its ability to trace the source of the posts and chatbots sharing Star Health’s data. Telegram clarified that it could only conduct source tracing if the Court issued an explicit order mandating it. This point underscores the legal complexities surrounding data leaks on encrypted platforms.
In September 2024, cybercriminals leaked over 7.24 TB of sensitive Star Health data on Telegram. This data included around 31 million Star Health and Allied Insurance policies, medical records, tax documents, and personal identification information.
Star Health confirmed the attack in October but assured that its operations remain unaffected and services continue as usual.
In the News: OpenAI’s next AI model Orion set to release in December