The Insurance Regulatory and Development Authority of India (IRDAI) has imposed a significant cash penalty on Star Health Insurance, a private sector insurer, for a major data breach. The penalty amounts to Rs 3.39 crore, or approximately Rs 5.42 crore once additional fines are included. This action was taken in response to the leakage of highly sensitive data related to 3.1 crore insured individuals.
The data breach occurred in August last year, when a hacker group gained unauthorized access to Star Health Insurance’s core database. The compromised data included mobile numbers, taxpayer registration details, addresses, and medical reports. This sensitive information was made publicly accessible on Telegram and through chatbots via websites. Furthermore, the hacker group sent death threats and gunshots to the company’s executive chief, highlighting the severity of the situation.
The IRDAI warned Star Health Insurance about the violation of cyber security guidelines and imposed penalties under Section 114(1) of the Insurance Authority Act and the Insurance Act 1938. The regulator’s decision reflects the importance of maintaining robust cyber security measures to protect sensitive customer data.
Star Health Insurance has stated that there is no evidence to suggest that the head of the information technology department was at fault for the data leakage. The company has informed local authorities about the incident and is likely to be taking steps to improve its cyber security protocols to prevent such breaches in the future.
The incident highlights the need for insurance companies to prioritize data protection and invest in robust cyber security measures to safeguard sensitive customer information. The penalty imposed by the IRDAI serves as a reminder to insurance companies of the importance of complying with cyber security guidelines and regulations to avoid such breaches and the resulting consequences.