BENGALURU: US software firm Cloudflare has denied any role in hosting two websites run by a hacker offering for sale stolen personal data and medical records of customers of top Indian insurer Star Health.

The statement comes after the company was made party to an Indian lawsuit filed by Star Health last week, in which the insurer alleged that Cloudflare hosted the websites in question.

“Cloudflare is not the host for the domains in question,” the firm told Reuters, adding that it works as a pass-through service situated between a website host and an end-user, which is why one may see a Cloudflare IP address.

Star Health has also sued Telegram and the self-styled hacker xenZen, after Reuters reported that sensitive personal data, from telephone numbers to copies of identity cards and blood reports of its customers, were publicly accessible via Telegram chatbots.

The websites and Telegram bots were inaccessible yesterday.

Star Health did not immediately respond to a request for comment outside regular business hours in India.

Earlier, Star Health said initial assessment showed “no widespread compromise”, adding that sensitive customer data remained secure.

The company has received a temporary injunction from a court in its southern home state of Tamil Nadu ordering Telegram and the hacker to block any chatbots or websites in India that make the data available online.

Last week Telegram told Reuters any newly-created bots attempting to share the data were probably removed in a massive sweep of its searchable content.

The Star Health lawsuit comes as global scrutiny of Telegram grows following last month’s arrest of its founder Pavel Durov in France, with the app’s content moderation and features allegedly abused for illegal activities. — Reuters