US software firm Cloudflare has denied any involvement in hosting two websites operated by a hacker offering stolen personal data and medical records of customers of top Indian insurer Star Health. This denial comes after the company became entangled in an Indian lawsuit filed by Star Health last week, where the insurer claimed that Cloudflare hosted the websites in question.
"Cloudflare is not the host for the domains in question," the firm told Reuters, clarifying that it functions as a pass-through service positioned between a website host and an end-user, which is why a Cloudflare IP address might be visible. Star Health has also taken legal action against Telegram and the self-styled hacker xenZen, following reports that sensitive personal data, including telephone numbers, copies of identity cards, and blood reports of its customers, were publicly accessible via Telegram chatbots.
The websites and Telegram bots were inaccessible as of Sunday. Star Health did not immediately respond to a request for comment outside regular business hours in India. Previously, Star Health stated that an initial assessment indicated "no widespread compromise," assuring that sensitive customer data remained secure. The company has obtained a temporary injunction from a court in its southern home state of Tamil Nadu, ordering Telegram and the hacker to block any chatbots or websites in India that make the data available online.
Last week, Telegram announced that any newly-created bots attempting to share this data were likely removed during a massive sweep of its searchable content.