Skip to content

Star Health clears CISO of wrongdoings in data breach case

  • by
  • 2 min read

Star Health and Allied Insurance Company Ltd announced on October 28 that its Chief Information Security Officer (CISO), Amarjeet Khanuja, has been absolved of any alleged involvement in a recent data breach incident. This clearance follows an independent forensic investigation that found no connection between Khanuja and the threat actors responsible for the data leak.

After the hack, the threat actor xenZen released a video revealing communications between Star Health’s CISO, stating that the CISO sold all the data to xenZen and then attempted to alter the agreement.

As reported by Livemint, the insurance company disclosed these findings in a filing with the Bombay Stock Exchange (BSE), stating that the investigation’s primary focus was to probe allegations of alleged communication between Khanuja and the hackers responsible for leaking sensitive customer data.

According to Star Health’s statement, the forensic investigation concluded that the threat actor fabricated any such communication and that there was no substantial link between the CISO and the incident.

A computer screen displaying the word 'Security'.

“The forensic investigation has been completed, and it concluded that the alleged communication between the Threat Actor and the CISO was fabricated links between the CISO and the Incident, and no evidence of any wrongdoing was found,” Star Health’s filing reads.

Star Health also filed minutes from the recent risk management meeting. The company revealed that the committee thoroughly reviewed the incident and recommended additional measures to strengthen the company’s information security.

The breach occurred in September, but Star Health confirmed it after a few weeks in October 2024. The company launched a comprehensive forensic investigation by independent security experts and filed a complaint regarding the breach. However, Star Health refrained from disclosing whether customer data was compromised.

Star Health, also named Cloudflare, alleges that the company provided hosting services for the hacker group’s websites.

Later, the Madras High Court asked Telegram to stop and delete chatbots distributing sensitive Star Health data.

In the News: Militant groups exploit Facebook to organise as US election nears

Kumar Hemant

Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: kumarhemant@pm.me

>