Bupa Breach Not A Cyber Attack Or External Data Rift
Bupa, the health insurance firm with a global presence, has admitted to a massive global data breach that has led to personal data of customers getting stolen. As per reports from security experts, a rogue employee has stolen and tried to sell at least 100,000 clients’ private data online.
A statement published by Bupa Global, along with a video statement by Sheldon Kenton, Managing Director of Bupa Global, says- “We recently discovered an employee of our international health insurance division (which is called ‘Bupa Global’), had inappropriately copied and removed some customer information from the company. Around 108,000 international health insurance policies are affected.”. The statement further says- “The information does not include any financial or medical data, and relates to a portion of customers with international health insurance.”
Experts who have analyzed and studied the breach say that the data that has been stolen includes names, dates of birth, nationalities and some contact details.
The statement from Bupa Global says– “We are contacting those customers who are affected to apologize and advise them as we believe the information has been made available to other parties. The data taken include names, dates of birth, nationalities, and some contact and administrative details including Bupa insurance membership numbers.”
Bupa Global, as per reports, has fired the employee who has caused the breach. An investigation has been initiated and steps have been taken to add additional security measures.
The Bupa Global statement says – “Protecting the information we hold about our customers is an absolute priority and I would like to assure customers that we are treating this seriously and taking steps to address the situation. This was not a cyber attack or external data breach, but a deliberate act by an employee. We have introduced additional security measures and increased our customer identity checks. A thorough investigation is underway and we have informed the FCA and Bupa’s other UK regulators. The employee responsible has been dismissed and we are taking appropriate legal action.”
Max Bupa has also asked customers to stay cautious and to “take care to double check the sender of any communication that asks for financial or other personal details”. Customers have been advised to be suspicious of anyone who asks for bank account or credit card details, to double check email addresses and not to download software or let anyone log on to their computers/devices remotely following unsolicited calls, even if the calls claim to be coming from Bupa or another company.
Kevin Jones951 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.