The recent cyberattack on Star Health and Allied Insurance, one of India's largest health insurers, has taken a darker and more alarming turn. A hacker claiming responsibility for the breach has alleged that they not only infiltrated the company’s systems but also sent death threats—and even bullets—to top executives.
The claim surfaced late Friday on an underground hacking forum, where a user operating under the alias “Dark Thorne” posted screenshots of what they say are emails, chat messages, and package tracking details sent to executives at Star Health’s headquarters in Chennai. While the authenticity of these claims is still under investigation, the tone and content of the messages suggest a serious escalation beyond typical cybercrime.
Cyberattack Timeline
The cyberattack was first detected in early April, when internal IT teams noticed abnormal network traffic and unauthorized access attempts on several company servers. Initial assessments suggested a data breach affecting thousands of customer records, including policy details, medical history, and personal identification data.
Star Health issued a brief statement at the time, acknowledging “unauthorized access” and confirming that systems were being audited and reinforced.
However, as forensic experts dug deeper into the breach, troubling signs emerged. A ransom demand allegedly surfaced, with the attacker asking for a substantial cryptocurrency payment in exchange for not leaking the stolen data online.
Threats Turn Physical
According to the latest online post, the hacker claims they escalated to physical threats after the company “ignored” repeated warnings and refused to negotiate. The post includes images of what appears to be a bullet casing inside a parcel, addressed to a senior executive. A handwritten note accompanied the parcel, warning the recipient to “take the data breach seriously—or face consequences.”
Security sources close to the investigation, speaking on condition of anonymity, confirmed that at least one executive at Star Health did receive a suspicious package last week, which was immediately reported to the Chennai Police and the Cyber Crime Cell.
Law Enforcement Response
The Tamil Nadu Cyber Crime Cell, in coordination with central agencies, has launched a full-scale investigation into the threats. Authorities are working to verify whether the claims made by the hacker are legitimate and whether the packages originated domestically or from overseas.
A senior police official involved in the probe told reporters:
“We are treating the case with utmost seriousness. Any threat to life, whether digital or physical, will be dealt with under the full extent of the law. Our teams are analyzing the packages, email headers, and network trails to identify the origin of the threats.”
Company Tight-Lipped Amidst Crisis
Despite the growing media attention, Star Health has remained largely silent on the recent developments. A company spokesperson released a brief statement on Saturday, saying:
“We are cooperating fully with law enforcement agencies and are taking all necessary steps to ensure the safety and security of our employees and customers.”
The spokesperson did not confirm or deny the receipt of death threats or physical items.
Cybersecurity Experts Warn of New Trends
Experts in cybersecurity say the Star Health incident is part of a troubling trend where cybercriminals are shifting tactics—from financial extortion to direct physical intimidation.
“Most ransomware groups operate in the shadows. But if these claims are verified, it represents a dangerous crossover into real-world threats,” said Rahul Bhatnagar, a cyber threat analyst at InfoGuard Labs.
He added, “Sending bullets or threatening messages is a major escalation that could push companies and governments to take stronger countermeasures against threat actors, including offensive cyber operations.”
What’s Next?
As the investigation unfolds, customers and stakeholders of Star Health remain anxious about potential data exposure. The insurer has advised customers to monitor their financial accounts and remain alert for phishing attempts.
Meanwhile, cybersecurity teams across India's financial and healthcare sectors are on high alert, viewing the Star Health attack as a wake-up call for tightening digital and physical security protocols.