Exclusive-Star Health hacker says they sent death threats, bullets to India executives

Yahoo, 09-05-2025
By Munsif Vengattil, Praveen Paramasivam and Aditya Kalra
NEW DELHI (Reuters) - The hacker who leaked sensitive personal data held by Indian health insurer Star Health last year has taken responsibility for sending death threats and bullets to the company's chief executive and finance head.
The hacker, who goes by the alias "xenZen", described their reprisals against Star Health and Allied Insurance Company in a March 31 email to Reuters. The news agency is reporting them for the first time.
Star Health, India's biggest health insurer, has faced criticism from customers and data security experts since Reuters reported last September that xenZen had leaked sensitive client data, including medical reports. At the time, xenZen told Reuters in an email they possessed 7.24 terabytes of data related to over 31 million Star Health customers and were speaking to potential buyers for the data.
The news agency hasn't independently confirmed the identity or location of xenZen, the accuracy of the facts laid out in the March 31 email or the hacker's motive for targeting Star Health and its executives, which the email ascribed to the company's denial of medical claims to certain customers.
In response to questions from Reuters, Star Health's chief legal officer said in a statement the company could not comment "due to an ongoing, highly sensitive criminal investigation" related to its data leak.
XenZen said they had concealed bullet cartridges in two packages sent to Star Health's head office in the southern Indian city of Chennai, in Tamil Nadu state, in February.
The email included photographs that showed the packages addressed to Chief Executive Anand Roy and Chief Financial Officer Nilesh Kambli and a note inside which read: "next one will go in ur and ur peoples head. tik tik tik."
Roy did not respond to a phone call requesting comment, while Kambli told Reuters Star Health's public relations team would respond on his behalf. The company did not respond to further requests for comment.
The New Indian Express on Saturday reported that police in Tamil Nadu were investigating the threats and had linked them to xenZen.
Tamil Nadu police did not respond to Reuters queries.
Three Indian police sources confirmed an investigation was underway. They declined to be named as the matter is confidential.
One police source said a man from the neighbouring state of Telangana, who the source did not name, has been arrested in recent days for allegedly helping courier the packages to Star Health on behalf of xenZen.
Reuters was unable to identify the individual or the status of his detention.
Globally, health care companies have been reassessing the risks for their top executives after UnitedHealthcare Chief Executive Brian Thompson was murdered in a targeted attack in December. The killing also called fresh attention to deepening patient anger over health insurance.
In the March 31 email to Reuters, xenZen referred to the killing of Thompson and said the death threats to the Star Health executives were sent after the hacker was contacted for help by customers of Star Health who had been denied claims on medical bills despite coverage plans with the company.
Star Health did not comment on what xenZen described as their motive, the claims of dissatisfied customers being denied or the police investigation into the threats.
Star Health launched internal investigations into last year's data leak, which the company said followed a ransom demand of $68,000 from the hacker.
Star Health last September sued xenZen and messaging app Telegram for hosting the sensitive customer data on its chatbots, court papers show. The chatbots hosting the stolen data have since been deleted and the case is ongoing.
Related Articles

What Seemed Like a Pregnancy Was Actually Something Far More Dangerous
Gizmodo

A woman's supposed pregnancy turned out to be something much stranger. In a recent report from her doctors, they detail how the woman had developed an incredibly rare form of ovarian cancer that mimicked the symptoms of pregnancy, even causing a positive pregnancy test. Doctors in India described the case of mistaken identity earlier this July in the journal Oncoscience. After first suspecting the woman had an ectopic pregnancy, the doctors instead discovered a large and rare type of tumor in her right ovary. Thankfully, the cancer was removed before it spread elsewhere, and the woman seems to have responded well to treatment. According to the report, the 36-year-old woman visited doctors three months into having intermittent bouts of heavy menstrual bleeding. She tested positive for a pregnancy on a urine test, and when doctors performed a physical examination, they felt a solid mass along her abdomen consistent with having a 20-week-old fetus. An initial ultrasound appeared to show that the woman was experiencing an ectopic pregnancy, a condition where the embryo forms outside of the uterus, usually in the fallopian tube (ectopic pregnancies are inherently non-viable). After conducting more extensive imaging, they found that she actually had cancer in her right ovary, most likely a choriocarcinoma. Choriocarcinomas are tumors mainly formed from the cells that become the placenta during a pregnancy. It's an especially dangerous cancer since the tumors tend to grow quickly and spread to other parts of the body. The woman's doctors soon performed surgery to assess the progression of her cancer and to treat it if possible. They successfully removed the tumor, along with the woman's uterus, ovaries, and surrounding lymph nodes. Though relatively large, the tumor was still in an early stage of development and hadn't metastasized. When the doctors looked closer, though, they found her cancer was even weirder than first thought. 
Choriocarcinomas are usually gestational, meaning they're linked to pregnancy; oftentimes, the tumor will even arise from an abnormal and non-viable pregnancy. But the woman's cancer was a non-gestational ovarian choriocarcinoma (NGOC), which only accounts for 0.6% of all reported ovarian germ cell tumors (a germ cell being the actual egg). What's more, the cancer was a pure NGOC, an 'exceedingly rare' subtype made completely out of germ cells and not any other kinds of tissues. An image of the woman's tumor, as well as her uterus and a benign ovarian cyst, can be seen here, but be warned, it's not for the faint of heart. While these cancers aren't tied to pregnancy, they do cause the body to produce high levels of the hormone human chorionic gonadotropin (hCG). Women also produce high levels of hCG during pregnancy, and some tests detect pregnancy through measuring hCG, explaining the woman's positive result. 'NGOC is a rare, distinct, and highly aggressive tumor that predominantly affects young, reproductive-aged women,' the authors wrote. Fortunately, in this case, the cancer appears to have been caught early enough in time. Following surgery, the woman was placed on chemotherapy. And her most recent tests showed that her hCG level had returned to normal, indicating a complete treatment response, according to the doctors. She will need to have regular follow-up tests, including CT imaging, to make sure the cancer isn't staging an unwelcome comeback.

HR Giant Workday Got Hacked
Gizmodo

Workday, a company that provides human resources technology to over 11,000 corporations and 70 million users worldwide, announced in a classic Friday news dump that it suffered a data breach. The company did not disclose how much information was stolen by the hackers, but did reveal that information—including the names, email addresses, and phone numbers—of some users was compromised. The company said the breach hit some of its third-party customer relationship databases. If any other data was stolen, Workday didn't say for sure. The company only said there was 'no indication of access to customer tenants or the data' within those databases. But now Workday is worried that, while its breach may be limited, it could give rise to other breaches via social engineering attacks. 'The type of information the actor obtained was primarily commonly available business contact information, like names, email addresses, and phone numbers, potentially to further their social engineering scams,' Workday wrote. It's interesting to note how little specific information regarding the breach Workday has provided. The company didn't exactly hide that the breach happened, but it also took a little time before disclosing it. Per Bleeping Computer, the breach occurred on August 6. Then there's this spicy little detail from TechCrunch: the company's blog post announcing the breach has a 'noindex tag' in the source code, which signals to search engine crawlers not to index the page so it won't come up in search results. Maybe that's all a vaguely understandable decision from a reputation protection standpoint, but it doesn't exactly scream 'We're doing the best we can to keep our customers informed and safe.' According to Bleeping Computer, it seems the Workday hack is part of a bigger breach of Salesforce databases, which has caught a string of companies in the crossfire. 
Companies including Adidas, Google, Qantas Airways, and Cisco have all been hit as part of the attacks on Salesforce Customer Relationship Management systems. Those attacks have primarily been linked to a hacking group that goes by ShinyHunters, which has reportedly done most of its damage via social engineering and voice phishing attacks. So, it makes sense that Workday is warning its customers about exactly that. ShinyHunters has become something of a prolific threat in recent years. The extortion group has hit AT&T, stealing 73 million customer records from the telecom giant, and PowerSchool, which compromised the information of millions of students and teachers in the United States and Canada.

Israeli Cyber Official Arrested During Undercover Internet Crimes Against Children Sting
Gizmodo

A high-ranking member of Israel's cybersecurity directorate was recently arrested in Las Vegas as part of an undercover sting operation involving internet crimes against children, according to the State Department. A joint operation between city police and the FBI that targeted child sex predators resulted in the arrest of Tom Artiom Alexandrovich, a man who, according to many news outlets, has been identified as a member of Israel's National Cyber Directorate, which operates out of Israeli Prime Minister Benjamin Netanyahu's office. Mediate previously reported that Alexandrovich's since-deleted LinkedIn profile had also identified him as an official with the agency. The Jerusalem Post claims that Alexandrovich worked 'in a technical role at the Cyber Directorate,' and KLAS-TV, a CBS news affiliate, also claims to have confirmed that an 'Israeli government official was one of eight people arrested' during the weekend sting, and that Alexandrovich was in the city for 'a cyber event.' Blackhat, the well-known cybersecurity conference, recently took place in Vegas. Additionally, the U.S. government appears to have confirmed much of this information. The X account for the State Department's Bureau of Near Eastern Affairs posted about the arrest, in an apparent effort to dispel internet rumors that the government had intervened on Alexandrovich's behalf. 'The Department of State is aware that Tom Artiom Alexandrovich, an Israeli citizen, was arrested in Las Vegas and given a court date for charges related to soliciting sex electronically from a minor,' the post states. 'He did not claim diplomatic immunity and was released by a state judge pending a court date. Any claims that the U.S. government intervened are false.' When reached for comment by Gizmodo, the State Department simply referred us to its tweet. Alexandrovich faces a charge of luring a child with a computer for sex acts, KLAS writes. 
He was allowed to leave after having posted a $10,000 bail, the outlet adds, citing court records. An archived Haaretz report states that a 'senior official in Israel's National Cyber Directorate' had been questioned in Vegas for alleged online solicitation of a minor, but does not identify the official by name. However, the report also includes a statement from Israel's cyber directorate, which admits that one of its employees was questioned by authorities during a trip to the U.S. The statement reads: 'The employee updated the directorate that during his trip to the United States, he was questioned by U.S. authorities on matters unrelated to his work, and he returned to Israel on his scheduled date. The directorate has not yet received additional details through official channels. If and when such details are received, the directorate will act accordingly.' Gizmodo reached out to the Las Vegas Police Department and the Israeli government for more information.
