Bupa employee breaches personal details of 108,000 customers

A Bupa employee has stolen information relating to 108,000 international health insurance plan customers.

In an online statement, Bupa revealed that the data includes the names, dates of birth, nationalities and some contact and administrative information. No medical or financial data was lost.

The health insurer has alerted customers whose information has been affected.

Be wary of fraud

Bupa warned customers that their “policy information has been inappropriately copied and removed” and that criminals might use the details to commit fraud.

Sheldon Kenton, managing director of Bupa Global, said: “A thorough investigation is under way and we have informed the [Financial Conduct Authority] and Bupa’s other UK regulators.

“The employee responsible has been dismissed and we are taking appropriate legal action.”

Does your network infrastructure invite attack?

McAfee’s Grand Theft Data report reveals the extent of insider threats. Internal actors are reportedly responsible for more than 40% of serious data breaches experienced by the study’s respondents, and more than half of these were intentional (as opposed to employees accidentally losing data).

Data exfiltration is more likely to be done with physical media rather than electronic methods, and employee information was targeted more than customer information. Office documents are the most stolen type of information, “probably because these documents are stored on employee devices and many organisations place few controls on the data once it is no longer in a database”.

The importance of network penetration testing for your organisation

When stealing data, rogue employees find out where their organisation is most vulnerable and attack there, but it’s possible to stay one step ahead. Internal network penetration testing can help identify resources that are internally vulnerable and help the system administrator secure them.

Our approach to network penetration testing is closely aligned to the Open Source Security Testing Methodology Manual (OSSTMM), which tests the operational security of physical locations; workflows; and human, physical, wireless, telecommunications and data networks security testing.

Report findings from a network penetration test could include the discovery of weak or default passwords, unpatched or poorly configured systems, malware or confidential data that is not properly secured.

Find out more about our infrastructure penetration tests >>