Telegram Responds to Star Health India Data Leak, Says It Can’t Monitor All Chatbots

Messaging platform Telegram informed an Indian court that it cannot monitor all accounts on its platform for potential leaks, including those related to the Star Health India data breach. The platform acknowledged the situation but emphasized that its responsibility was limited to blocking content that is flagged to it, citing the difficulties of overseeing the vast number of accounts and bots hosted on the platform.

The data leak, first reported by Reuters on September 20, involved a hacker using Telegram’s chatbots and external websites to disseminate highly sensitive customer information, including biometric identification cards and medical claim documents. This breach has significantly impacted Star Health, India’s largest health insurer, sparking concerns about the security of personal health data and the role of platforms like Telegram in mitigating such risks.

In response to the incident, Star Health approached the Madras High Court last month, seeking a directive to Telegram to remove all bots associated with the data leak. The insurer argues that Telegram’s failure to adequately monitor and block these malicious bots contributed to the leak of confidential information, which has harmed the reputation and trust that customers place in the company’s services.

While Telegram has reiterated its commitment to user privacy and safety, the company highlighted the practical challenges of enforcing comprehensive oversight over every account and bot on its platform. With millions of users and a wide range of automated bots in operation, Telegram suggests that a more collaborative approach involving regulatory bodies and businesses is needed to prevent future incidents and protect user data more effectively.