Reuters reports:
Star Health has sued Telegram and a self-styled hacker after Reuters reported that the hacker was using chatbots on the messaging app to leak personal data and medical reports of policy holders.
The lawsuit comes amid growing scrutiny of Telegram globally and the arrest of its founder Pavel Durov in France last month, with the app’s content moderation and features allegedly abused for illegal activities. Durov and Telegram denied wrongdoing and are addressing the criticism.
Star has received a temporary injunction from a court in its home state of Tamil Nadu ordering Telegram and the hacker to block any chatbots or websites in India that make available the data online, according to a copy of the order.
Read more from Reuters at The Deccan Herald.
Unfortunately for Star Health, they injunction will not be sufficient. The threat actor known as xenZen simply posted it all for sale via a popular hacking forum. In their listing, they give aways some data as a sample and tell people how to purchase what they claim includes:
Total Data: 7.24 TB
Customers Data: 31,216,953 customers
Customers Insurance Claims Data: 5,758,425 claimsExclusive sale for whole data for $150k
Parts sale for 100k entries each for $10k
Custom package can be discussed
Apart from posting on a forum that does not honor court orders or law enforcement requests, the threat actor provided contacts on both Tox and Session.
There is almost no way to stop a threat actor from advertising and leaking or selling data if the threat actor is determined. Even naming the threat actor in any court order is likely to be ineffective at the time if the threat actor feels no fear of identification or arrest. That Telegram is cooperating with law enforcement and injunctions at this point is noteworthy, but it doesn’t solve Star Health’s problems.