In a July 26 stock exchange filing, Star Health acknowledged the ₹3.39 crore penalty for cybersecurity lapses, said its operations remain unaffected, and confirmed it's considering legal options, following a 2024 data breach involving customer information
The Insurance Regulatory and Development Authority of India (IRDAI) has imposed a penalty of ₹3.39 crore on Star Health and Allied Insurance Company for non-compliance with the IRDAI Information and Cyber Security Guidelines, 2023. In its notice dated July 25, the regulator also issued a formal warning to the insurer, although it did not publicly disclose the nature or specifics of the violations.
Star Health, in a stock exchange filing on July 26, acknowledged the penalty and clarified that it relates to lapses in data protection and cybersecurity protocols. The company stated that the financial impact is limited to the penalty amount and does not affect its ongoing operations or services. It is currently exploring legal remedies, including a possible appeal before the Securities Appellate Tribunal (SAT).
This regulatory action follows a cyberattack on Star Health in 2024, which led to a breach of customer data. The company had confirmed the incident in October last year, noting that it acted promptly in coordination with cybersecurity experts and law enforcement agencies. Star Health had claimed success in removing the compromised data from public access and subsequently implemented enhanced security measures.
The IRDAI’s penalty underscores the rising scrutiny of cybersecurity practices in the financial services sector, especially in the wake of growing threats to customer data. Star Health has reiterated its commitment to strengthening its systems and ensuring full compliance with regulatory standards moving forward.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
