India’s Star Health Takes Legal Action Against Telegram After Hacker Leaks Data Using App’s Chatbots, Reports Reuters

By Munsif Vengattil and Aditya Kalra

BENGALURU – Leading Indian insurer Star Health has initiated legal action against the messaging platform Telegram and an alleged hacker following reports that the hacker utilized chatbots on Telegram to leak personal information and medical reports of policyholders.

This lawsuit arises amidst increased international scrutiny of Telegram, especially after the arrest of its founder, Pavel Durov, in France last month. Allegations suggest that the app’s features are being exploited for illegal activities, although Durov and Telegram have denied any wrongdoing and are responding to the criticism.

Star Health has secured a temporary injunction from a court in Tamil Nadu, which mandates that both Telegram and the hacker halt any operations involving chatbots or websites in India that disseminate personal data.

In addition, Star has included a U.S.-listed software firm in its lawsuit, alleging that the leaked information was hosted on their services.

According to a court order dated September 24, Star stated that "confidential and personal data of customers and the plaintiff’s business activities has been accessed and leaked using Telegram’s platform."

Star Health, with a market capitalization exceeding $4 billion, publicly announced the details of its lawsuit through an advertisement in a prominent newspaper on Thursday.

The court has issued notices to both Telegram and the aforementioned software company, with a hearing scheduled for October 25. The advertisement by Star requested a court order to prevent Telegram and the software firm from using the name "Star Health" or sharing any of its data online.

Despite requests for comments, Star Health, Telegram, and the software firm did not respond.

The ability to create chatbots is widely credited with contributing to Telegram’s rapid growth, making it one of the largest messaging applications with 900 million active users each month.

Last week, reports indicated that an individual known as xenZen had made stolen data, including the medical reports of Star customers, publicly available on Telegram, shortly after allegations surfaced regarding the app’s facilitation of criminal activity.

Star Health had previously indicated that its initial investigations found "no widespread compromise" and that "sensitive customer data remains secure."

The hacker reportedly had two chatbots that provided access to Star Health data: one offered claim documents in PDF, while the other allowed users to retrieve details from millions of datasets, including policy numbers and names, with a single click.

In tests conducted by reporters, more than 1,500 files were downloaded, some dating to as recently as July 2024, including various personal documents and medical information.

After the chatbots were reported, Telegram’s spokesperson stated they had been "taken down" within 24 hours; however, new chatbots soon appeared.

Star Health has also named the hacker, xenZen, in its lawsuit. The hacker stated in an email that they would join the legal hearings online if allowed.

The incident with Star Health reflects a larger trend of hackers using similar tactics to sell stolen data. A recent survey revealed that India constituted 12% of the five million individuals affected by such data sales through chatbots.