CHENNAI: The case of breach of data of 3.1 crore customers of the Chennai-headquartered Star Health Insurance has taken a fresh turn with its MD Anand Roy, his wife Akhila Shetty Roy and CFO Nilesh Kambli allegedly getting threat messages delivered via courier from Hyderabad.
A probe by the TN cyber crime wing has found that the hacker known by his online identity ‘Xenzen’, who had released the data in public domain in September 2024, had hired a Hyderabad-based youth to send threats to the company’s officials in February 2025.
The youth, identified as Mohammed Irfan, was found from Telangana and arrested recently by the cyber crime officials under sections of data theft and the IT Act. Xenzen contacted Irfan through a private messenger app with end-to-end encryption, and instructed him to send threat letters and bullets inside tiffin boxes to the company officials, sources said.
Multiple such couriers were sent by Irfan under the pseudonym Adithya Sharma, for which he was paid Rs 20,000 by Xenzen. The cyber wing zeroed in on Irfan by tracing the UPI payments and linked mobile number he used for booking couriers, sources added.
The cyber crime wing had begun probe after the firm filed a complaint with them in September 2024, alleging that the hacker had threatened to leak all customers’ policy and insurance documents in public domain. He also demanded 68,000 USC (cryptocurrency) as ransom.
Eventually, Xenzen released the data and alleged the firm’s chief information security officer (CISO) was involved in the breach. The CISO was later given a clean chit after an internal audit by the firm.