Staysure hack leaves customers’ finances vulnerable

Insurance company blasted over unencrypted credit card details and customer notification procedures.

Data theft

Travel insurance provider to the over-50s Staysure has admitted customers may have had their financial information stolen during an October 2013 cyber attack.

The company has warned the encrypted payment card details of 93,000 customers who purchased insurance before May 2012 may have been stolen, along with unencrypted CVV details (the three digit security code on the back of cards). Customer names and addresses may also have been taken, it admitted.

A spokesperson for the company told IT Pro: "As soon as we became aware of the problem on November 14, we immediately removed the software and systems that the attackers exploited, and we are confident that we have taken the right steps to protect our customers in the future.

"We informed the relevant card issuing bodies straight away and subsequently The Financial Conduct Authority (FCA), the Information Commissioner's Office (ICO) and the police."

Independent consultants had also been brought in to work out what went wrong and how far-reaching the hack was, the spokesperson added.

Staysure's CEO has also issued a statement via the organisation's website, saying the firm is "deeply sorry and [is] working diligently to make sure that inconvenience to customers is minimised."

He also sought to reassure other customers, stating that if they have not been written to, they have not been affected.

However, the company's handling of the situation has been criticised on two fronts. Firstly, it took a month for the affected customers to be notified and the stored CVV information should never have been retained.

One customer told the BBC she was "astonished they kept [the CVV code] in an unencrypted form".

"I can't understand why I wasn't informed earlier. [Staysure] had clearly been in contact with the Financial Conduct Authority, the Information Commissioner and the police and it seems to me as a victim I was the last person to find out about it," the customer explained.

Staysure's spokesperson said, based on the advice it received, the company waited until it had identified the affected customers to prevent the spread of unnecessary worry. He added the company no longer retains any of its customers' financial information.

An ICO spokesperson confirmed it was investigating the hack.

"We have recently been made aware of a possible data breach which may involve Staysure. We will be making enquiries into the circumstances of the alleged breach of the Data Protection Act before deciding what action, if any, needs to be taken," the spokesperson said.

Featured Resources

How to scale your organisation in the cloud

How to overcome common scaling challenges and choose the right scalable cloud service

Download now

The people factor: A critical ingredient for intelligent communications

How to improve communication within your business

Download now

Future of video conferencing

Optimising video conferencing features to achieve business goals

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Recommended

High-risk email security threats increased by 32% last year
phishing

High-risk email security threats increased by 32% last year

3 Mar 2021
Malicious ‘dependency confusion’ packages are stealing password files
hacking

Malicious ‘dependency confusion’ packages are stealing password files

2 Mar 2021
AOL users are the target of a new phishing campaign
phishing

AOL users are the target of a new phishing campaign

1 Mar 2021
Lazarus APT hacking group is targeting the defense industry
Security

Lazarus APT hacking group is targeting the defense industry

26 Feb 2021

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

26 Feb 2021
How to connect one, two or more monitors to your laptop
Laptops

How to connect one, two or more monitors to your laptop

25 Feb 2021
How to build a CMS with React and Google Sheets
content management system (CMS)

How to build a CMS with React and Google Sheets

24 Feb 2021