Hacker Behind Star Health Data Leak Admits Sending Death Threats
The hacker who leaked personal data from India’s largest health insurer, Star Health and Allied Insurance, has now claimed responsibility for sending death threats to the company’s top executives.
Hacker Confesses to Threats in Email
The hacker, known online as “xenZen”, revealed in an email to Reuters on March 31 that they sent packages containing bullets to Star Health’s CEO Anand Roy and CFO Nilesh Kambli. These threats followed the company’s alleged denial of medical claims to certain customers. The email included photos of the packages and a note with a chilling message: “next one will go in ur and ur peoples head. tik tik tik.”
Reuters is reporting this email for the first time. It has not independently verified xenZen’s identity, the contents of the packages, or their claims about Star Health.
Investigation and Legal Response
Star Health has been under scrutiny since September, when Reuters first reported the data leak. At that time, xenZen claimed to possess over 7 terabytes of data affecting 31 million customers and said they were looking for buyers. The leak included sensitive medical information.
When contacted recently, Star Health’s chief legal officer said the company could not comment due to a “highly sensitive criminal investigation.” The company also did not respond to follow-up requests.
Tamil Nadu police, where the packages were delivered, have not publicly commented. However, three Indian police sources confirmed an investigation is underway. One source noted that a man from the neighbouring state of Telangana was arrested for allegedly helping to send the threatening packages.
Wider Impact on Health Insurance Industry
The case has renewed concerns over the safety of health insurance executives. In December, UnitedHealthcare CEO Brian Thompson was murdered in a targeted attack, raising global fears about rising anger among patients.
In the email, xenZen linked their threats to customer frustrations. They claimed to have been contacted by Star Health policyholders who were denied medical bill reimbursements, despite having valid plans.
Star Health has not commented on these claims or the motive described by the hacker.
Legal Proceedings and Data Leak Aftermath
Following the 2023 breach, Star Health launched an internal investigation. The hacker had allegedly demanded a ransom of $68,000. The company responded by suing both xenZen and Telegram, which hosted the leaked data through chatbots. The data has since been removed, but the court case is still ongoing.
with inputs from Reuters
