Bupa employee steals 547,000 customers' data

Financial and medical data not at risk, but insider shared info with "other parties"

More than 500,000 Bupa customers' data is in the wild after an employee "copied and removed" their information from the health insurer's systems.

No medical or financial information is at risk, but 547,000 people's names, email addresses, phone numbers, dates of birth, nationalities, and some admin details of beneficiaries is out there from the 108,000 policies stolen, Bupa confirmed.

The now ex-staffer is believed to have made the information they have available to "other parties" too, according to a letter sent to the affected policy holders from Sheldon Kenton, managing director of Bupa Global, the firm's international health insurance division.

"We know that this will be concerning and I would like to personally apologise," Kenton said in the letter, shared with computer security analyst Graham Cluley on Twitter.

Kenton saidin a statement sent to IT Pro: "This was not a cyber attack or external data breach, but a deliberate act by an employee. We have introduced additional security measures and increased our customer identity checks. A thorough investigation is underway and we have informed the FCA and Bupa's other UK regulators. The employee responsible has been dismissed and we are taking appropriate legal action."

A spokeswoman added that the firm discovered the breach in June and has been in touch with UK data watchdog the Information Commissioner's Office (ICO) and the police.

IT Pro has asked which 'other parties' may have the data and when the incident took place.

An ICO spokesperson said: "Organisations have a duty to protect people's privacy and personal data. We have been made aware of an issue involving Bupa Global and are making enquiries."

Cluley told IT Pro that the data theft could allow criminals to phone customers posing as Bupa Global staff, sharing enough information about customers to persuade their victims to part with more valuable data.

"It's easy to imagine how someone vulnerable could get a phone call out of the blue, believe it's Bupa, and give the criminals valuable information," he said.

While plenty of companies are worried about external cyber attacks, particularly after recent high-profile campaigns like WannaCry and Petya, Cluley said it's insiders who can be the greatest threat.

"You let people into your organisation, give them accounts and passwords and access to data, all the things hackers would love to have and they have to work very hard to get hold of, but if you have a rotten apple there who's a bit bent, it's very hard to stop them taking information with them if they are determined," Cluley said.

He pointed to tools that can mitigate the insider threat, like access control and data leak prevention software that can monitor if someone takes sensitive information, but added: "There's so much focus on external hackers but it's your staff who should keep you up at night."

Featured Resources

Navigating the new normal: A fast guide to remote working

A smooth transition will support operations for years to come

Download now

Leading the data race

The trends driving the future of data science

Download now

How to create 1:1 customer experiences at scale

Meet the technology capable of delivering the personalisation your customers crave

Download now

How to achieve daily SAP releases

Accelerate the pace of SAP change to support your digital strategy

Download now

Recommended

Third-party apps are tracking your WhatsApp activity
social media

Third-party apps are tracking your WhatsApp activity

21 Sep 2020
Ransomwiz lets you test your security with simulated ransomware
ransomware

Ransomwiz lets you test your security with simulated ransomware

21 Sep 2020
Best free malware removal tools 2020
Security

Best free malware removal tools 2020

21 Sep 2020
Windows Server flaw sparks emergency US gov warning
vulnerability

Windows Server flaw sparks emergency US gov warning

21 Sep 2020

Most Popular

Google Pixel 4a review: A picture-perfect package
Google Android

Google Pixel 4a review: A picture-perfect package

18 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020