A hacker known as “xenZen,” who leaked sensitive data from Indian health insurance company Star Health last year, has now claimed responsibility for sending death threats and bullets to the company’s top executives.
In an email dated March 31, xenZen said they sent threatening packages to Star Health’s CEO Anand Roy and CFO Nilesh Kambli in February. The packages, sent to the company’s Chennai head office, reportedly contained bullet cartridges and a note that said: “next one will go in ur and ur people’s head. tik tik tik.” Photos of the packages and the note were included in the email.
Star Health is India’s largest health insurer and has been under scrutiny since last September when Reuters first reported that xenZen had leaked private data of over 31 million customers, including their medical reports. The hacker claimed to have 7.24 terabytes of Star Health’s data and was trying to sell it.
The exact identity and location of xenZen are still unknown. They claim the threats were a response to the company allegedly denying insurance claims to certain customers, even when they had proper coverage. XenZen said some of these customers had reached out to them for help.
Read More: Man in Kolkata Arrested for Duping UK Amazon Customers in Cyber Fraud Case
Star Health’s legal team said they cannot comment as there is an ongoing and sensitive criminal investigation. The company also did not respond to further questions from Reuters. Kambli said the PR team would respond on his behalf, but no response was given.
The New Indian Express reported that Tamil Nadu police are investigating the threats and suspect xenophobia may be involved. Three police sources confirmed that the investigation is happening, but did not give details as the matter is confidential. One source mentioned that a man from Telangana was arrested for allegedly helping send the threatening packages on behalf of xenZen, but the man’s identity and detention status are unclear.
This case comes at a time when healthcare companies around the world are reviewing safety for their leaders. Last December, the CEO of UnitedHealthcare, Brian Thompson, was murdered in what was believed to be a targeted attack. The incident brought global attention to rising frustration among patients toward health insurance companies.
In the March 31 email, xenZen referred to Thompson’s death and said their threats came after customers complained to them about being denied rightful claims by Star Health.
Last year, Star Health confirmed a data breach and said they had received a ransom demand of $68,000. The company has sued xenZen and the messaging app Telegram, where the stolen data was being shared. Those Telegram chatbots have since been taken down, and the legal case is still ongoing.
