Star Health secured a temporary injunction from a Tamil Nadu court, which mandates Telegram and the hacker to block any chatbots or websites within India that distribute the leaked data. The lawsuit also includes US-listed software company Cloudflare Inc, which is accused of hosting the leaked data on its services.
Bengaluru: Star Health, one of India’s leading insurance companies, filed a lawsuit against Telegram and a self-proclaimed hacker after Reuters reported that the hacker was using chatbots on the messaging platform to leak personal data and medical reports of policyholders.
This lawsuit is set against a backdrop of increasing scrutiny of Telegram worldwide and follows the arrest of its founder, Pavel Durov, in France last month, amid allegations of the app being misused for illegal activities. Both Durov and Telegram have denied any wrongdoing and are addressing the criticisms.
Star Health secured a temporary injunction from a Tamil Nadu court, which mandates Telegram and the hacker to block any chatbots or websites within India that distribute the leaked data. The lawsuit also includes US-listed software company Cloudflare Inc, which is accused of hosting the leaked data on its services.
The Madras High Court order dated September 24 cites Star’s claim that
“confidential and personal data of customers and the plaintiff’s business activities in general has been hacked and leaked by using the platform (of Telegram).”
Star Health, which has a market capitalization of over $4 billion, publicly announced the lawsuit for the first time in a newspaper advertisement in The Hindu on Thursday.
The court has issued notices to both Telegram and Cloudflare, with the next hearing scheduled for October 25. The advertisement from Star Health requested an injunction to prevent Telegram and Cloudflare from using the trade name “Star Health” or making any of its data available online.
Telegram has grown to become one of the world’s largest messaging apps, with 900 million active monthly users, largely due to the ability for users to create chatbots.
Recently, Reuters reported that an individual known as xenZen had made stolen data, including medical reports of Star Health customers, publicly available on Telegram. This came shortly after allegations against Telegram’s founder for permitting the app to facilitate criminal activities.
Star Health previously indicated that its initial assessment revealed “no widespread compromise” of its systems and that “sensitive customer data remains secure.”
Two chatbots associated with Star Health distributed leaked data, with one providing claim documents in PDF format and another allowing users to request up to 20 samples from 31.2 million datasets, which included sensitive details like policy numbers and medical information.
In testing the bots, Reuters downloaded over 1,500 files, some dating as recently as July 2024, which contained personal information such as names, phone numbers, addresses, tax card details, ID card copies, medical test results, diagnoses, and blood reports.
Following a notification from Reuters about the chatbots on September 16, Telegram’s spokesperson, Remi Vaughn, stated that they were taken down within 24 hours, although new chatbots appeared soon after.
Star has also included the hacker xenZen in the lawsuit. The hacker expressed willingness to join the hearings online if permitted.
The incident involving Star Health chatbots highlights a growing trend of hackers leveraging such platforms to sell stolen data.
According to a recent survey by NordVPN, India accounted for the largest share of victims, with 12% of five million people affected by data breaches via chatbots in 2022.
