Hundreds of Thousands Affected in Private Health Insurance Provider Breach

Media Division | July 17, 2017

There are numerous types of data stored by digital means that can be extremely valuable to attackers. The personal information of people is a treasure trove to attackers for various purposes, whether it be to commit fraud or to sell it on the black market for other criminals to use. One type of organization that can hold large amounts of data about massive numbers of people is various types of insurance agencies, which is why attackers tend to heavily target these types of organizations. But, not all data breaches are the result of an exterior breach, as some can be an inside job. And a recent occurrence of this involved Bupa, an international health group, as they have suffered a breach stemming from a rogue employee.

The Details of the Breach

In a statement from Bupa on Friday, they admitted that an employee within its international health insurance division had “inappropriately copied and removed some customer information from the company.” This branch of Bupa deals in international insurance for those who frequently travel or work overseas, and their clientele for this is massive. In fact, there were around 547,000 customers affected nationwide. The data breach includes information such as names, dates of birth, nationalities, some contact data and Bupa insurance numbers. The staff member that perpetrated the attack has since been dismissed and Bupa will be pursuing legal action against them. Bupa is working to take the appropriate mitigative actions, as they said in a statement, “We are contacting those customers who are affected to apologize and advise them, as we believe the information has been made available to other parties.” There does not appear to be any reports as to what other parties the information was provided to, nor whether there is a plan to address that.

It is fortunate that no financial data was affected in the attack, but the leaked data can still be used for malicious intent. This type of information very well may be sold on the black market for the holder to turn a good profit. An example of how this information could be used is in the realm of phishing scams. The criminal could email one of the insurance policy holders and use the stolen information to make the contact seem very legitimate, potentially resulting in the policyholder following malicious directions from the scammer. This could lead to compromised information, malware infections, financial scams, and much more. Hopefully, Bupa will be taking further action to ensure that their customers are protected in this avenue as well. They did say in their statement that they are contacting those affected to advise them, so hopefully, this includes briefing them of the above possibility.

Mitigating an Incident with Proper Data Breach Solutions

A data breach can be one of the most hellacious incidents for an organization to suffer. It can be chaotic and damaging, and can realistically cause an organization to fail if not properly mitigated through data breach solutions. There is a series of actions that an organization must rapidly undertake in the event of a breach, such as discovering the source, repairing any vulnerabilities, notifying affected customers, and tracing or legally pursuing the perpetrator. Neglect in any of the above steps can lead to far less mitigation of an incident, and further ramifications for the organization. Those who do not have the necessary resources to meticulously address the above should seek outside help rather than attempting it themselves and doing a poor job. Massive Alliance offers comprehensive data breach solutions that can help an organization to recover from a breach to a large extent.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.