Star Health files lawsuit against Telegram for chatbot-driven data breach

Star Health Files Lawsuit against Telegram and a self-proclaimed hacker after reports surfaced that the hacker used chatbots on the messaging platform to leak policyholders’ personal data and medical reports. India’s leading insurer, Health Star, took this legal action in response to the serious breach of privacy and security involving their clients’ sensitive information.

The lawsuit comes as Telegram faces increasing global scrutiny following the arrest of its founder, Pavel Durov, in France last month. Allegations have surfaced that the app’s content moderation and features have been misused for illegal activities. Durov and Telegram have denied any wrongdoing and are working to address the criticisms.

Health Star has secured a temporary court order in its home state of Tamil Nadu, directing Telegram and the hacker to block any chatbots or websites in India that are leaking the data online, as per the order copy.

Star has also filed a lawsuit against the U.S.-listed software firm Cloudflare Inc, claiming the leaked data on certain websites were hosted using its services.

In a court order from the Madras High Court on Sept. 24, Star Health stated, “Confidential and personal data of our customers and business activities have been hacked and leaked through Telegram’s platform.”

Star Health, a public company with a market value of over $4 billion, revealed the lawsuit details for the first time through an advertisement in The Hindu.

The court has issued notices to both Telegram and Cloudflare, with the next hearing scheduled for Oct. 25. In the ad, Star requested an injunction to prevent Telegram and Cloudflare from using its name, “Star Health,” or allowing any of its data to be accessed online.

Telegram’s popularity, with 900 million monthly active users, is partly attributed to its feature allowing users to create chatbots.

How Data Got Hacked

The hacker, identified as xenZen, allegedly leaked stolen data on Telegram, with reports claiming that the personal information of millions was being sold. Star Health initially  replied by assuring that there was “no widespread compromise” and that “sensitive data remained secure.”

As per Reuters reports the compromised documents contained names, phone numbers, addresses, tax details, ID card copies, test results, and medical diagnoses. Star Health also revealed that on August 13, an anonymous individual had contacted the company, claiming to have some of its data.

Hackers are increasingly leveraging chatbots to sell stolen data, with Star Health’s situation exemplifying this alarming trend. A survey by NordVPN conducted at the end of 2022 revealed that of the five million people whose data was sold through chatbots, India accounted for the largest share of victims, representing 12%.

The founder of Telegram Pavel Durov was arrested in France last month, amid allegations that Telegram’s content moderation policies allowed for criminal misuse of its features. Telegram has denied these claims, but following the arrest, the platform pledged to implement new measures to enhance security and safeguard user privacy.

You might also be interested in – Telegram makes U-turn on decision related to sharing user data with law enforcement agencies