IRDAI imposes a stiff penalty of Rs 3.39 crore on Star Health for violating cyber security laws

by | Jul 25, 2025 | Health, Indian News, Non-Life, Regulation, Risk Management, Technology | 0 comments

A significant data leak from Star Health Insurance was reported in Aug, 2024, affecting approximately 3.1 crore customer records. The data, including mobile numbers, PAN details, addresses, and medical information, was allegedly accessible through a website created by a hacker

Star Health insurance had said it did not find any evidence of wrongdoing by the company’s chief information security officer in a data leak incident

Hyderabad: Insurance regulator IRDAI in its first ever penalty on any insurer for violating cyber regulations, on Friday, has imposed a stiff fine of Rs 3,39 crore on Chennai based Star Health

“The IRDAI is in exercise of power under Section14(1) of IRDAI Act 1999 and section 102 of the Insurance Act 1938 has imposed a penalty of Rs 3. 39 lakhs and issued warning for various violations established under IRDAI ‘s Information & Cyber Security Guidelines , 2023,’’ said IRDAI in a press release on Friday.

A significant data leak from Star Health Insurance was reported in Aug, 2024, affecting approximately 3.1 crore customer records.

The data, including mobile numbers, PAN details, addresses, and medical information, was allegedly accessible through a website created by a hacker.

The insurer’s stolen customer data including medical reports, were publicly accessible via chatbots on messaging app Telegram and through websites.

The hacker, known as xenZen, also claimed to have sent death threats and bullets to company executives.

However, Star Health Insurance, after reporting alleged unauthorized data access to local authorities, had said it did not find any evidence of wrongdoing by the company’s chief information security officer in a data leak incident.

It also had approached court to sue Telegram and the hacker to get the content removed from online platforms.

Afterwards, the websites on which the hacker publicly exposed the data, as well as Telegram chatbots deployed by the hacker, were taken down.

The company said that alleged communication between a hacker and the security officer were fabricated by the hacker.

Submit a Comment

Your email address will not be published. Required fields are marked *