A text message query to Khanuja elicited no response.
The breach exposed over 7.24 terabytes of sensitive customer information including highly personal information such as full names, PAN and mobile numbers, email addresses, dates of birth, residential addresses, pre-existing medical conditions, policy numbers, nominee details, and even the height and weight of insured individuals.
The hacker’s revelations have gone viral on social media, with a post by a user named Deedy Das who shared an alleged email exchange between Khanuja and the hacker. According to the post, Khanuja, in his capacity as CISO, brokered the sale of Star Health’s customer data, delivering the treasure trove of private details to the hacker. The data reportedly fetched a price of $150,000.